last executing test programs: 4.285868459s ago: executing program 0: syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f00000001c0)='./file0\x00', 0x2025468, 0x0, 0x3, 0x0, &(0x7f0000006380)) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='sysfs\x00', 0x0, 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}, {@index_on}]}) 4.220749449s ago: executing program 0: ioperm(0x0, 0xa1c0, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setreuid(0x0, r1) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000740)='/proc/keys\x00', 0x0, 0x0) read$FUSE(r2, &(0x7f0000003c80)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) setgid(r3) 4.078740371s ago: executing program 0: syz_usb_connect(0x5, 0x35, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x55, 0x4c, 0xa0, 0x8, 0x4b8, 0x202, 0xacf5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x23, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0xd7, 0xbc, 0x9b, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@generic={0x8, 0xb, "5546ce2d608b"}]}}]}}]}}]}}, 0x0) 3.920248425s ago: executing program 3: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x100002, 0x0) write$cgroup_subtree(r0, &(0x7f0000000040)=ANY=[], 0xffe6) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_int(r1, &(0x7f0000000200), 0x43451) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000001200)=ANY=[], 0x6) write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[], 0xda00) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_subtree(r4, &(0x7f0000000040)=ANY=[], 0x32600) write$cgroup_subtree(r1, &(0x7f0000000140)=ANY=[], 0xf) write$cgroup_int(r2, &(0x7f0000000200), 0x42400) 3.679932242s ago: executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x7, 0x0, 0x0, 0x0, 0x1}, 0x48) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x89f0, &(0x7f0000000900)={'bridge0\x00', @random='\x00\x00\x00 \x00'}) 3.584032557s ago: executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) ioctl$int_in(r0, 0x5452, &(0x7f0000000080)=0x94b) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000a00)=@newtaction={0x18, 0x31, 0x1, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0) 3.536410105s ago: executing program 3: r0 = socket(0x2, 0x3, 0x100000001) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYRESHEX=r0, @ANYRES32, @ANYBLOB="080403000b1c04dcb521ab2b45d6e757e61e6720094824a2a34c88eca636c9407ab18c0cc62db0bf5b7e488f23d45e0bb33746d8c7df21a2c74c387b7feeb52db3f9eeff2ac99fd6f734c00871eb3b00994b", @ANYRES32, @ANYBLOB="1000f6"], 0xffffffffffffff37}}, 0x20004810) bind$packet(0xffffffffffffffff, &(0x7f0000000240)={0x11, 0xf5, 0x0, 0x1, 0xff, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x8742fade5e77a4ab) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8936, &(0x7f0000000340)={@remote, 0x5}) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000540)=0xffffffffffffff9f) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=ANY=[@ANYBLOB="5800000010000104029600"/20, @ANYRES32=0x0, @ANYBLOB="00000000022004001c00128009000100766c616e000000000c00028006000100000000000800050026120b262c2f8317a764e856f460aa7f87aeb6ed65f17a125b1c514b0bfaed61de7402381a", @ANYRES32=0x0, @ANYBLOB="14001280090001007660616e0000000004000280a0fd3483cd424bd28b7581009d0a6f42a7b8ac25d5e14871459b364073b14b4390f86e42f08beaa09d77fbc9415f90062b415cfe742c1b01dc3abe61a022b5698ce7c9b17dd90f0f159a99272ae2747792dc4252f6ee6592d75baf4c9d81b2d6db87a9bc5e65ce6fd0da412886317e25f80ee6"], 0x58}}, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'bond0\x00', 0x0}) bind$packet(r1, &(0x7f0000000680)={0x11, 0x1, r2, 0x1, 0x29, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1d}}, 0x14) bind$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x41}}, 0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x11, 0x80a, 0x0) r7 = socket(0x8, 0x80000, 0x8) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r9 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', 0x0}) sendmsg$nl_route(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000008d40)=@newlink={0x48, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r10}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x2}, @IFLA_GRE_ENCAP_FLAGS={0x6}]}}}]}, 0x48}}, 0x0) sendto$packet(r7, &(0x7f00000004c0)="1a69d8a9612611f8678592886d2607b04fa02e41d4feac5a20f7222e3ceac2e6b3ff153ec4486fe96aa8c920c9279a957e2d8939e67fdc4503015281e0f0dd0a94797e103884b0157ef5fd4685cbac0016", 0x51, 0x40, &(0x7f0000000280)={0x11, 0x11, r10, 0x1, 0x40, 0x6, @link_local}, 0x14) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c0089d100"/20, @ANYRES32=r8, @ANYBLOB="00000000000000001c00128009000100626f6e64000000000c000280080007000b000000"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000006c0)={&(0x7f0000000a40), 0x290c}, 0x1, 0x0, 0x0, 0x24004890}, 0x0) sendmsg$nl_route(r6, &(0x7f0000000480)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000440)={&(0x7f0000000800)=@ipv6_deladdr={0x9c, 0x15, 0x800, 0x70bd28, 0x25dfdbff, {0xa, 0x1f, 0x6, 0xfe}, [@IFA_ADDRESS={0x14, 0x1, @private0}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @private2={0xfc, 0x2, '\x00', 0x1}}, @IFA_FLAGS={0x8, 0x8, 0x102}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x1}, @IFA_CACHEINFO={0x14, 0x6, {0x8bbd, 0x9616, 0x5, 0x5b90c819}}, @IFA_CACHEINFO={0x14, 0x6, {0x7ff, 0x7ff, 0xef, 0xffffffff}}, @IFA_ADDRESS={0x14, 0x1, @local}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x2}]}, 0x9c}, 0x1, 0x0, 0x0, 0x844}, 0x5) r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r11, &(0x7f0000000200), 0x400c00) sendmsg$nl_route(r3, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000800)=ANY=[], 0xffffffffffffff37}}, 0x4004004) bind$packet(0xffffffffffffffff, &(0x7f0000000240)={0x11, 0xf5, r2, 0x1, 0xff, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x14) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8936, &(0x7f0000000340)={@remote, 0x5}) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x54, 0x10, 0x401, 0x9602, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x42002}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_PROTOCOL={0x6, 0x5, 0x8100}]}}}, @IFLA_LINK={0x8, 0x5, r2}, @IFLA_MASTER={0x8, 0xa, r12}]}, 0x54}}, 0x0) 3.184627199s ago: executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd2(0x0, 0x0) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000300)={0x0, 0x0, 0x0, r2}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x0, 0x0, 0x8, r2, 0x11}) 3.096394153s ago: executing program 3: openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x10}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x20000000000000f5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x802053, 0x0, 0xfc, 0x0, &(0x7f00000000c0)) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000800)={0x0, 0x0, 0x0, 0xffffffb6, 0xffffffff}) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b7020000b96871dfbfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe0000004f850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d62de53a9a53608c10556e5734eb84049761451ce2e2d9f8004e26f7fcc059c06220002595f6dba87b81d1106fb026cce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd6fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f2fcb6d753a78845d8363e0401861abebe428ba953df4aece69311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f7043e09b9e10dc7777bfae5884e4ba1e9cc4a2bbe99e30810400000000000000d63d716c0975e1ce4a655362e7062ff6ab3934555c01840219829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47911834118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2d727e62b7f097a02dbf8fe1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f804924600273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c048d46362ea0d8d79c79ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b10700ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b273940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d1bfa928e2ba458ecd989cb3581a3f270ad48255ac0dad4923e3e357e4e90583ce8d43ec65ed491d87a51d7c13f665dcf772e3ead71112008b16b0ea821f70aee1ccbd71c5a1c21e87d5b7b73d356337dbcf3456ff6cd0d6b98a258e3509a7d15b9dcae4d0d750ffa07909c955e718585b2456308beda2fa03bb9bcf03cdff31ee4b1665b987829c0f0872c006c6e4ed666fe23b343aae943923eedbdb0e7abee90e3da7b98b7d07d2d4816201ad1737798635b0a3ebd3aed120e4500c16e6c9dc729f009db49c6b8b19613e4d792cb4ff5106419291d4222980b49ddb9527ce785822d8f4e2"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340), 0xfffffffffffffe19, 0x0, 0xffffffffffffffff, 0x54}, 0x42) 2.910231071s ago: executing program 2: syz_mount_image$ext4(&(0x7f0000000400)='ext3\x00', &(0x7f0000000000)='./file0\x00', 0x44018, &(0x7f0000000100), 0x3, 0x540, &(0x7f0000000980)="$eJzs3d9rZFcdAPDvnZ3JJrvZJlUftNBabWW36M5sGtsGH2oFUV8KYn1fYzIbwk4yITNpN6Fo8hcIIir4pC++CP4Bgiz44qMIBX1WqCiiuwoqaK/MzJ0kTO4ks+0ks5l8PnD3nvvz+z2zOWfunTncCeDCejYiXouI99I0fSEiZrL1hWyK3c7U2u/hg7eXHv4nTdNI0zf+lkSSreueK8nmV7PDJiPia1+O+GZ3w8RB3Mb2zt3FWq26mS1Xmmsblcb2zs3VtcWV6kp1fX5+7uWFVxZeWrg1lHpei4hXv/in73/np1969ZefeeuPt/9y41uttKaz7Yfr8YiKx23sVL10ebLngM33Gezx06lZqbs4NdhRe6eWDwAAx2ld438oIj4ZES/ETFw6/nIWAAAAOIfSz0/Hf5OINN9En/UAAADAOVJoj4FNCuVsLMB0FArlcmcM70fiSqFWbzQ/fae+tb7cGSs7G6XCndVa9VY2Vng2Sklrea5dPlh+sWd5PiKejIjvzUy1l8tL9dryqD/8AAAAgAvias/9/z9nOvf/AAAAwJiZHXUCAAAAwKlz/w8AAADjz/0/AAAAjLWvvv56a0q7v3+9/Ob21t36mzeXq4275bWtpfJSfXOjvFKvr7Sf2bd20vlq9frGZ2N9616lWW00K43tndtr9a315u3VmDyTCgEAAABHPPnx+79PImL3c1PtqWVi1EkBZ6K4X0qyeU7r/8MTnfm7Z5QUcCYuDbDPu5fz17tOgPOt2LuiT1sHxk9p1AkAI5ecsL3v4J3fZPNPDDcfAABg+K5/LP/7/5O/F9gtnEF6wCnSiOHi6nmfT2cGP3Rq6MkAZ6r9/f+gA3lcLMBYKQ00AhAYZx/4+/8TpekjJQQAAAzddHtKCuXs473pKBTK5Yhr7Z8FKCV3VmvVWxHxRET8bqZ0ubU81z4yOfGeAQAAAAAAAAAAAAAAAAAAAAAAAADoSNMkUgAAAGCsRRT+nPyq8yz/6zPPT/d+PjCR/Lv9k8ATEfHWj974wb3FZnNzrrX+7/vrmz/M1r84ik8wAAAAgF7d+/T2/F+jzgYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAcfPwwdtL3WmA3aeGFfevX4iI2bz4xZhszyejFBFX/pFE8dBxSURcGkL83b2I+Ghe/KSV1n7IvPjDeBFOiB+z2avQG7/l6hDiw0V2v9X/vJbX/grxbHue3/6KEUfa4/vRv/+L/f7vUp/+59qAMZ565+eVvvH3Ip4q5vc/3fhJn/jPDRj/G1/f2em3Lf1xxPXu+0+7xzsc4aBUaa5tVBrbOzdX1xZXqivV9fn5uZcXXll4aeFW5c5qrZr9mxvju0//4r3j6n8l9/0vybLpX//nc86X9570v3fuPfhwd2H3aPwbz+XE//VPsj2Oxi9kcT6VlVvbr3fLu53yYc/87LfPHFf/5YP6lx7l//9Gv5P2OtJQnh70TwcAOAWN7Z27i7VadfP8FfYG27l1lz7qVBUez8K3h3rCNE3TVpvK2XQ/IgY5TxJDrmkhP5+DQt8eYNQ9EwAAMGzZRX8UG6POBAAAAAAAAAAAAAAAAAAAAC6us3jKWm/M7BHIX4lIhvEIbQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAofh/AAAA//8W7NXD") r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000500)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc6751dfb265a0e3ccae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce935b0f327cb3f011a2fd52347125907000000000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7511d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df262ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71d20fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d131c2e1f24ed200ada12f7a1525320e716660000000000b02b001500a710eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d3294000000000000000000000000000000000000000000000000000000000000000000000000c52f4ebd2c893bb97a068bd10738d3c9f7a98eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18a904c0e585a66c3b84b138efc20a546d3d5227e23b03f2a834391ad24fe977076ce7d9b20cf92cb151763d41f5c76e2ff3e93ee296c4082ee73e7e197253a2b66c353312c9d75711ce1623e9c54bdff59d1a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1c77a211bfa02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc084275ad10727522934a87a4ddcdb112754ca5bdec0ead14b6c0f19a4b126bbe0c2b8c9ff68236c8600000000000000000000000066e034c81c3cab4e33fc8dc5484ea9f56f030b636626aa035ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f2243471221c158ae8f44bfbfa7c2730302b66a99f66705b71e6205e7cbf36435e1eabb9a63fcd604d5cc27e1317ad94cf438d7187a2fe4e06fa6cbf84ef1efa82cb2c4af6bd1370616cdbe2b98fd89b79824ba089df1f81e6fcef073059f5f1d6a221d791839d7826ed1759c2153532c393fd1b"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x6}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r1 = socket$packet(0x11, 0x2, 0x300) sendmsg$NL80211_CMD_UPDATE_CONNECT_PARAMS(0xffffffffffffffff, &(0x7f0000001a00)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000019c0)={&(0x7f0000001780)={0x214, 0x0, 0x200, 0x70bd25, 0x25dfdbfb, {{}, {@val={0x8}, @val={0xc, 0x99, {0x3, 0x7a}}}}, [@NL80211_ATTR_IE={0xe0, 0x2a, [@random_vendor={0xdd, 0xaf, "77b71d5639d622a7fa9ca9b8779da370ff877309135af228f35f4ded28220923a0a6d34b0d7f47c2c80fdeb7e436ddde5023c5f2203fe73ca9eee078b9b3348c3317f4def9be9fa8cbedbf825ac98132dd976c0f0effa24bc9b5be7ac453923437a0efe40c73f88f39444acf4bb481bacc70ab8f6ef57039c69e5f14ff2a8b11cfff8bf51e0300510d4a26e4fc3bf943d53da69043ae8b282c265adfe2da00f1ea0ef4bb1ad76020794f27d62966ae"}, @link_id={0x65, 0x12, {@random="ef4eaf636d06", @broadcast, @broadcast}}, @rann={0x7e, 0x15, {{0x1, 0x8}, 0x0, 0x48, @device_a, 0x80000000, 0x2, 0x1fffe0}}]}, @fils_params=[@NL80211_ATTR_FILS_ERP_RRK={0x1b, 0xfc, "775a9f2440c2a86ef08cf167b57ca1716a0efa8983f838"}, @NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0x4}, @NL80211_ATTR_FILS_ERP_REALM={0xdd, 0xfa, "73e31ecc60bd36a7cd3dc7d5de74c06dad366b3ad75b4e341010eec8d4b353c31b46f2ca3d26c220a8fd5c7986dfcad3033ad80367fd99b7cea28285ee90d8d6795cc6fac7f69ec8ab720831d01d4f8a891f8cb240318b16658d11d6fc2500d0f0eb89066b9940fdfd3e6d2a68ad29916d14bf4e3b7ad41289bb12be8d617735e415baee67deea0246183a44b1bc599c8f6cd3c809864b36390b54caac39b5a6b4f4c1e3d13aa4cfdec24d3e324a596a13b314f10a6b056f37372dd73288169c6ff9c9e554e26494667c2875ed54b1e221adf33f8f8181c96a"}, @NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0xff}]]}, 0x214}, 0x1, 0x0, 0x0, 0x44}, 0x20000800) bind$packet(r1, &(0x7f0000001a40)={0x11, 0xf5, 0x0, 0x1, 0x2, 0x6, @remote}, 0x6f) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) bind$packet(r1, &(0x7f00000000c0)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @local}, 0x14) syz_emit_ethernet(0x16, &(0x7f00000005c0)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa0010005870c5c6000000"], 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) getxattr(&(0x7f0000000180)='./cgroup/file0\x00', 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r5, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) r7 = getpid() process_vm_readv(r7, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0xffffff3b}], 0x2, &(0x7f0000008640)=[{&(0x7f0000000000)=""/95, 0x7ffff000}], 0x286, 0x0) 2.495230325s ago: executing program 1: socket$nl_generic(0x10, 0x3, 0x10) socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_xfrm(0x10, 0x3, 0x6) socket$unix(0x1, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000001000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b70300000000ffff850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='ext4_allocate_inode\x00', r1}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000780)='blkio.bfq.io_service_time\x00', 0x26e1, 0x0) eventfd(0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000100)) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r4 = dup3(r3, r2, 0x0) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000005c0)='./binderfs/binder0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x0, 0x16, &(0x7f0000000780)=ANY=[@ANYBLOB="61154c00000000006113500000000000bfa00000000000001503000008004e002d3501000000000095000000000000006116000000000000bf67000000000000350605000fff07206706000005000000160302000ee60060bf530000000000000f650000000000006507f9ff0100000607070000cddfffff1e75000000000000bf54000000000000070400000400f9ffbd4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe01c5473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0d"], 0x0}, 0x90) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000800)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000880)={@flat=@handle={0x73682a85, 0x0, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000900)=""/206, 0x14}, @fda={0x66646185, 0x5, 0x1}}, &(0x7f0000000240)={0x0, 0x18, 0x40}}, 0x1000}], 0x0, 0x0, 0x0}) 2.177446064s ago: executing program 0: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) r2 = eventfd(0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f}) ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f00000002c0)={0x1, r2}) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000380)={0x0, 0x1fffe000000}) 2.173901895s ago: executing program 4: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000000b40), 0x0) futex(&(0x7f000000cffc), 0x5, 0x0, 0x0, &(0x7f0000001600), 0x42fffffe) 2.159501997s ago: executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) sendmsg$inet(r0, &(0x7f0000001b40)={&(0x7f00000014c0)={0x2, 0x4e20, @multicast2}, 0x10, 0x0, 0x0, &(0x7f00000019c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @local}}}, @ip_retopts={{0x14, 0x0, 0x7, {[@ra={0x94, 0x4, 0x200}]}}}], 0x38}, 0x0) 2.147660309s ago: executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) ioctl$int_in(r0, 0x5452, &(0x7f0000000080)=0x94b) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000a00)=@newtaction={0x18, 0x31, 0x1, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0) 2.041535485s ago: executing program 3: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$bind(&(0x7f0000000140)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2001095, 0x0) syz_mount_image$ext4(&(0x7f00000001c0)='ext3\x00', &(0x7f0000000180)='./file0\x00', 0x838734, &(0x7f0000000240)={[{@nojournal_checksum}, {@grpjquota, 0x1e}, {@grpid}, {@block_validity}, {@sysvgroups}, {@bh}, {@noblock_validity}, {@nolazytime}, {@jqfmt_vfsold}, {@resuid}, {@debug}, {@jqfmt_vfsv0}, {@debug}]}, 0xee, 0x43a, &(0x7f0000000880)="$eJzs289vFFUcAPDvzLag/GpFREHQKhobf7S0oHLwotHEgyYmesBjbQtBFmpoTYQ0Wo3BoyHxbjya+Bd40otRTyZe9W5IiDYmoKea2Z0pu0u39Mcui8znkwy8t/N23/vum7fz9r1uAKU1lP2TROyIiN8iYqCebS4wVP/v2uL85D+L85NJLC29+WdSK3d1cX6yKFo8b3ueGU4j0k+TvJJms+cvnJ6oVqfP5fnRuTPvjc6ev/DMqTMTJ6dPTp8dP3bs6JGx558bf7YjcWZxXd3/4cyBfa++fen1yeOX3vnpm6y9ew/WzzfG0SlDWeB/LdW0nnu805X12M6GdNLXw4awLpWIyLqrvzb+B6IS1ztvIF75pKeNA7oquzdtbX96YQm4gyXR6xYAvVHc6LPvv8Vxi6Yet4UrL9a/AGVxX8uP+pm+SPMy/V2sfygiji/8+2V2RJfWIQAAGn2XzX+eXmn+l8behnK78j2UwYi4JyJ2R8S9EbEnIu6LqJW9PyIeWGf9rVtDN85/0ssbCmyNsvnfC/neVvP8r5j9xWAlz+2sxd+fnDhVnT6cvyfD0b81y4+tUsf3L//6ebtzjfO/7MjqL+aCeTsu97Us0E1NzE10alJ65eOI/X0rxZ8s7wQkEbEvIvav76V3FYlTT359oF2hm8e/ig7sMy19FfFEvf8XoiX+QrL6/uToXVGdPjxaXBU3+vmXi2+0q39T8XdA1v/bmq//lhIDfyeN+7Wz66/j4u+ftf1Os9Hrf0vyVm3Pekv+2AcTc3PnxiK2JK/V8k2Pj19/bpEvymfxDx9aefzvzp+Txf9gRGQX8cGIeCgiHs7b/khEPBoRh1aJ/8eXHnt34/F3Vxb/1Iqff8vX/2Bz/68/UTn9w7ft6l9b/x+tpYbzR2qffzex1gZu5r0DAACA/4s0InZEko4sp9N0ZKT+N/x7YltanZmde+rEzPtnp+q/ERiM/rRY6RpoWA8dSxbyV6znx/O14uL8kXzd+IvK3bX8yORMdarHsUPZbW8z/jN/VHrdOqDr/F4Lyqt1/Kc9agdw67n/Q3kZ/1Bexj+U10rj/6OWvL0AuDO5/0N5Gf9QXsY/lJfxD6W0md/1S5Q5Eelt0QyJLiV6/ckEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQGf8FAAD//yWS7pw=") 1.841182596s ago: executing program 2: syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x11, &(0x7f00000000c0)={[{@nombcache}, {@debug}, {@norecovery}, {@grpquota}, {@norecovery}]}, 0x9, 0x60c, &(0x7f00000001c0)="$eJzs3c9vFGUfAPDvTH/Svrwt5M2reJAmxkCitLSAIcZEiFdC8MfNU6WFIIUSWqNFEkuCF43x4sHEkwfxv1ASrx68evDiyZA0xnAQg7JmtrNl2+2W7XZ/tN3PJxn6zAw7z3fKfnmeffaZmQA61kj2RxpxICKuJRFDZfu6I985svz37v9x83y2JFEovPl7Ejc/ShbLj5XkPwfzF/8zFMlPacT+rsp65xZuXJ6cmZm+nq+PzV+5Nja3cOPIpSuTF6cvTl+deGni5InjJ06OH93S+e0tK5+5/e77Q5+cffubrx4m49/+cjaJU/Eojy07r7Wv7dtSzdnvbCQKyx6Ub89+rye3eOzt4s+h0vvksWTtBratC/n7sScinoqh6Cr71xyKj19va3BAUxWSKLVRQMdJ6sr//sYHArRYqR9Q+my/3ufgSmmTeyVAKyydXh4AWM79nogo5X/38thg9BfHBgbuJ6vGeZKI2NrI3LKsjh9/OHs7W6LKOBzQHIu3SqPca9v/pJibw9FfXBu4n67K/7Rsyba/UWf9I2vW5T+0zuKtiHg6b/97o+78f6fO+uU/AAAAAAAANM7d0xHx4nrz/9KV+T+968z/GYyIUw2o/8nf/6X38kLSgOqAMkunI16pmP/7d/ns4OGu/Hv+vcX5AD3phUsz00cj4r8RcTh6+rL18dWHXTVB+Mhn+7+sVn/5/L9syeovzQXMD3Wve82FuFOT85ONOXvobEu3Ip4pzv89mG9ZPf8na/+Tivb/09eyBL9WYx37n79zrtq+J+c/0CyFryMOrXv9z+PudrLx/TnGiv2BsVKvoNKzH37+XbX65T+0T9b+D2yc/31J+f165jZ3/N6IOLbQXai2v97+f2/yVlfp+JkPJufnr49H9CZnKrdPbC5m2K1K+VDKlyz/Dz+38fjfSv+/LA/3RMRijXX+/9Hgr9X2af+hfbL8n9q4/R9e3f5vttAfE3eGv89vMVbhXE3t//Fim34432L8D8pV3o+j1gRtS7gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsMOlEfGfSNLRlXKajo5GDEbE/2IgnZmdm3/hwux7V6eyfauf/z+0vJ6Unv8/XLY+sWb9WETsi4gvuvYU10fPz85MtfvkAQAAAAAAAAAAAAAAAAAAYJsYLF7zX+hbe/1/5reudkcHNF13/lO+Q+fprvuVhb6GBgK0XP35D+x0ted/T1PjAFqvev4/eFgoamk4QAvp/0PnqjP/fV0Au4D2HzpVjWN6/c2OA2iHmtv/pebGAQAAAAAANMS+g3d/TiJi8eU9xSXTm+8z2R92t7TdAQBtYw4vdK7u2XZHALSLz/hAslL6a92L/avP/k+aExAAAAAAAAAAAAAAUOHQAdf/Q6dKIzZ4hLe5/bCbbXD9/3rJ73YBsItUf/RHLW1/oocAO5jP+MCT2nHX/wMAAAAAAAAAAADANtB/4/LkzMz09bmFnVd4dXuEsbnC4uS2CKOhhUfNOXJPRGyPE2x1oXQLjjaG0eb/lwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgBX/BgAA///kYDBi") ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffffe) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x10, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x10) socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x0, 0x0) bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/fib_trie\x00') preadv(0xffffffffffffffff, &(0x7f0000000480)=[{&(0x7f0000000540)=""/115, 0x200005b3}], 0x1, 0x8, 0x0) sendmsg$key(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x40800) ioctl$ASHMEM_SET_NAME(0xffffffffffffffff, 0x7709, &(0x7f0000000300)='\x00\x00\a\x06\x00\x00\x00\x01\x00x\x92\x12\xbc\x00\x00\xbb\x0642\x9c\x1a\xd1\xcbx\xb0\xd6\x1e\x10gQ\xca\x0e;\xf7\'\x8c\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn\x05\x00\x00\x00-<\r\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \xac\xc4K\x03\xfa\x13Vz\xbf\xe3c\x8d \x0f\xb1\xe9\xf2oci(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafd%\xf1\xdbjE\x01\xd1sD5hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\x851Y9OB\xdeB\xe1\x02-&\"1hS\x92\xe4$-\x02\x00\xe4\x8e\"\x85\xc9x\xef\x81E.r\x89\xe5\x00\x9e\x97\x96\xb8j\x81\xf0\xdca\xfb\xa6\xff\xff\xff\xff\x00\x00\x00\x00d\xf0\xf1j\x11\x12\xc0\xbb\xfdq~#\xf7\xa8\"$,\xf4\x84|\x89o\x00<\xa6-\xb0\xd3\x80\xbe\xcf\a\x00\xfc\xa6\xb1\x05\x94\x84l\xbfA\xeb\xd8\t\x00\x00\x00CvNhx461\x04N<\xedV\xcet\xaa~\xf3j\x94\xec\x92\x86uY\xf6\xb5\t?,~\xa67\\\xb9\xc9K\xf8\x9d\x96\xc0\xb5\xc7wF\x99\x12\x97T\x90.\x9c\xe3\x9a\xf1\xb9\x9c\x13\xbc\x19\xde/\xaahB\t\x97\a03\xcd\xb3\xc8\xd5l\x14!\xf9Xg2\x1d\xeeB\xccT\x0e\xd8\xef\xc8\xe9\xb4\xf3l\xc3\xf2\x998\xc8\xc2|2\xee\xb4W\x99f.\xeb\xe9\x05\xcbkz3+\xdd\xe1*8\x95@0t0\xad\xe3#\xd7\x19\xe7Q\xdfmI\xe5\x1e\xe4\x87\xc9\x8f\xa7\xe0\xd9v\xf6\x01\x9d\x8f`,\x1a8\x81I\x86l\x8f2\r:\xc1\x02\xd6Z%\xa7Ks\x8bUolS\x05\xbe\x97\x1fGe\x94\xa6\xa3\xab\xdb\r\x17\xff[\xb1\x00\xff\x7f\x00\x00\x00\x00') quotactl$Q_QUOTAON(0xffffffff80000500, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, 0x0, 0x0) 1.835446207s ago: executing program 3: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES64], 0x0) syz_usb_connect$cdc_ecm(0x0, 0x0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000300), 0x0, 0x0) ioctl$HIDIOCGREPORTINFO(r1, 0xc00c4809, &(0x7f0000000000)={0x2, 0x200}) 1.073127375s ago: executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_NL_PEER_REMOVE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="30010000", @ANYRES16=r1, @ANYBLOB="0100000000000000000014000000040001800400098064000780", @ANYRES32], 0x130}}, 0x0) 1.019791703s ago: executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) ioctl$int_in(r0, 0x5452, &(0x7f0000000080)=0x94b) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000a00)=@newtaction={0x18, 0x31, 0x1, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0) 1.019184354s ago: executing program 0: syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x208080, &(0x7f00000000c0), 0x1, 0x598, &(0x7f0000000800)="$eJzs3c1vHGcZAPBnxp9N3TqBHqACEqAQUJR17LRR1UubCwhVlRAVB+CQGntjmayzIWuX2kSy+zeABBKnIvEPcEDigNQTByQOnBASB4RUDkgBIlACATFoZsfOxh7HG3u9G+zfTxrNx+t9n+ed1XzsO8m8ARxbZyJiIyJGI+KtiJgstyflFK+1p/zv7t65NXfvzq25JLLszb8mRXm+LTo+k3u6rHM8Ir7yxYhvJjvjtlbXrs02GvWb5frU8tKNqdbq2vnFpdmF+kL9+szMpelLF16++NJMz9p6eumnt7+w+PpXf/Hzj3/wm43PfzdPa6Is62zHYxl9dHG76SNbcXLDEfH6voI9eYbK+R67gSdUGhEfiohPFcf/ZAzF8Fi+Pcuy9UHnBgAcjiybjGyycx0AOOrSog8sSWtlX8BEpGmt1u7Dey5OpI1ma/nc1ebK9fl2X9nJGEmvLjb+lZ0a+/238xuGhZHk6mKjPl2UFeXF+sy29YsRcSoivj/2VLFem2s25gd43wMAx9nT267//xhrX/+7UPFUDwD4vzE+6AQAgL5z/QeA4+bMoBMAAAagi9//5cP+jUPPBQDoD/3/AHD8uP4DwPHj+g8Ax8qX33gjn7J75fuv599eXbnWfPv8fL11rba0Mleba968UVtoNheKd/Ys7VVfo9m8Mf1irLwztVxvLU+1VteuLDVXri9fKd7rfaU+0pdWAQCPcur0+79LImLjlaeKKTrGcnCthqMtHXQCwMAMDToBYGCGB50AMDDd/8b/1aHmAQxO5cu8xysXH/bDxwji3xnBE+XsRzv7/4uhfyv6/x9+LgAcDfr/4fjaX///qz3PA+i/fff//6S3eQD9l2XJ9jH/R7eKAIAjqdvn//eznbcO6z29EwEGZa/BvHvy/B8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOmImI+FYkaa0cC3wi0rRWi3gmIk7GSHJ1sVG/EBHPxumIGBnL16cHnTQAcEDpn5Ny/K+zky9MbC8dTf45Vswj4js/evMH78wuL9+czrf/bWv72ObwYTMPPtftuIIAwOErrt8z5bzjh/zdO7fmNqdHVvD1Z3qaz+3L8Z9yKOK5e3duFVO7ZDiGi/l4cS9x4u9Jud4ei/T5iBjqQfyNdyPiI1XtT4q+kZPlyKed8aOM3Ys90X389KH4aVHWnuc3Xx/uQS5w3Lx/OSJee+j4Kw+zNM4U8+rjf7w4Qx3c7cvtyjbPfQ/Of+nW+W+oIn4yGmV+XcR48Zdf6lwf7Sx7N+L54ar4yVb8pCp+RLzQZfw/fOwT33t1l7LsvYizUR2/M9bU8tKNqdbq2vnFpdmF+kL9+szMpelLF16++NLMVNFHPbXZU73TX1459+xuueXtP7FL/PHK9j/Ye5/psv0//vdb3/jkI+J/7tPV3/9z+ey31fs/vyZ+tqK+/+4cpz9mT/xs1+G78/jzD9o/Hnt9/+ObpRHn2ovZ+h7t/+BPa/N7/AkA0Eet1bVrs41G/eaBFvJfob2oZ8dCnmJPK+xcqKj5j3FIsfazMLL/vfpeMoCcf721ZXjrXrW3Ib6W19jndqWbrUgOcsjcz7KsJ/ncrSjK1mP9cY+U/Ava89Db1eghn5aAPmitru3aN9CjLnYAAAAAAAAAAAAAAOCA+vE/qLbHvJdlFW8pAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMf3vwAAAP//QonTAQ==") r0 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0) fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000080)='ro\x00', 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', 0x0, 0x804020, 0x0) 959.733372ms ago: executing program 1: bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x7, 0x0, 0x0, 0x0, 0x1}, 0x48) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x89f0, &(0x7f0000000900)={'bridge0\x00', @random='\x00\x00\x00 \x00'}) 867.790327ms ago: executing program 4: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000040)=[{0x30, 0x0, 0x0, 0xfffff03c}, {0x6}]}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x40, 0x6, 0x8}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x9, 0x0, r1}, 0x48) bpf$MAP_UPDATE_BATCH(0x18, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x3ff, r2}, 0x38) 820.858194ms ago: executing program 1: syz_usb_connect(0x5, 0x35, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x55, 0x4c, 0xa0, 0x8, 0x4b8, 0x202, 0xacf5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x23, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0xd7, 0xbc, 0x9b, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@generic={0x8, 0xb, "5546ce2d608b"}]}}]}}]}}]}}, 0x0) 756.671544ms ago: executing program 2: syz_mount_image$vfat(&(0x7f0000000440), &(0x7f0000000080)='./file0\x00', 0x800090, &(0x7f0000000700)=ANY=[@ANYBLOB="73686f72746e616d653d77696e6e742c756e695f786c6174653d312c756e695f786c6174653d302c756e695f786c6174653d302c756e695f786c6174653d312c73686f72746e616d653d6d697865642c73686f72746e616d653d77696e39352c757466383d302c726f6469722c73686f72746e616d653d6d697865642c73686f72746e616d653d77696e39352c696f636861727365743d63703835372c636f6465706167653d3836302c73686f72746e616d653d6c6f7765722c73686f72746e616d653d6c6f7765722c757466383d312c73686f72746e616d653d6c6f7765722c757466383d312c73686f72746e616d653d6c6f7765722c756e695f786c6174653d312c756e695f786c6174653d312c73686f72746e616d653d77696e39352c726f6469722c73686f72746e616d653d6d697865642c73686f72746e616d653d6d697865642c757466383d302c757466383d302c6e6e6f6e756d74616929b1312c7375626a5f757365723d5c242a5b292a3a275c2c00"], 0x6, 0x2dd, &(0x7f0000000d40)="$eJzs3b1rJGUYAPBnNrMfarEprETwBS2sjsu1NglyB2IqjxSnggbvDiQbhAtE/MD1KrGzsfQvEAT/EBs7S8FWsPPEg5H5yn7csNmT24iX36+4ezPzPPM+7zuTZJo8+/6Lx0e3U9y9//mvMRpl0dsdRjzIYjt60foyFux+EwDA/9mDoog/ilrH6V++XpE72mBdAMDmnPP7v5FX/94qI368uNoAgM24eevtN/f296+/ldIobhx/dXqQRUT5f31+7258GJO4E1djHA8jqheFflRvC+XwRlEU0zyVtuOV4+npQZl5/N5PzfX3fo+o8ndiHNvVobO3jSr/jf3rO6k2lz8t63i2mX+3zL8W43j+LHkh/1pHfhwM4tWX5+q/EuP4+YP4KCZxuypilv/FTkqvF9/++dk7ZXllfjY9PRhWcTPFVjv59ILvEQAAAAAAAAAAAAAAAAAAAAAAT58rKaW/i5SGUfXvKQ81/Xe2HpZf9CO16v4+72Z1YtMfKGsvNOsPFL2iKKZFfNf217maUiqawFl/nzxeyJvGggAAAAAAAAAAAAAAAAAAAHDJnXzy6dHhZHLn3hMZtN0A8oj462bEv73O7tyRl2J18LCZ83Ay6TXDxZh8/khstTFZxMoyykU8oW05b/DMIzU3g+9/6MwqV3SSR9ep0fmT9rvneszBx/16Hztj2qfr6DDr3sPhWfGj8sbF8o0bRPfs/Vg6Mmjv53Jw+yiut5xB56nxY2/L4LlqMF0RE9mq74vXfltYThZLwYOq40Zner8ZdO1G/Wys9TzHqE5/9GdFplsHAAAAAAAAAAAAAAAAAABs1Oyvf+c+y791f2VqrxhusjIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuDizz/9fZ5AvJq+RNYh7J//V2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALg8/gkAAP//u3xRQA==") r0 = open(&(0x7f00000001c0)='.\x00', 0x0, 0x0) getdents(r0, &(0x7f0000000280)=""/4096, 0x9005) 636.863542ms ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x9, 0xaa, 0x1, 0x1, 0x0, 0x1}, 0x48) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000400)={r0, &(0x7f0000000380), 0x20000000}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000000)={r0, &(0x7f0000000180), 0x0}, 0x20) 490.565065ms ago: executing program 4: syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', 0x21408, 0x0, 0x1, 0x0, &(0x7f0000006380)) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000280)='virtiofs\x00', 0x0, 0x0) 443.284952ms ago: executing program 2: mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000380)='\x00', 0x89901) fchdir(r0) close(r0) mount(&(0x7f00000001c0)=@filename='./file0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000001200)='vfat\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000002340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8450}, 0x40011) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x1de) write$binfmt_script(r1, &(0x7f00000019c0)={'#! ', './file0', [{0x20, 'gcB\xc6+\xbf\xcc_\x81 \xd5\xb9\x93L9\x87\x84K\xb9!\x0eX czg\x14\xec*\xed\xa6u\xc4\x14*\xdb_\xe8\\\x96\n\xa6)\v\xf9 \xddb|\xe7\x14\x82\xc3\x90\xf9\r?i\x86Lpw\xba\xe1\v\x1a9G\x04\fpfP\xcf\xee<:C\x1e\\\x1f&\xaf\xea?\x91\a\xea\x8d\x05\x83aJ\xf0v\xc0q\x84\x93il\v\x03\b\xadT\a\x14\xd7\xd5u\x84\x82\xb2\xd4(\x1d\x04\xf2\v\xe9\x8a\xdfU\xd1\x1f\x9b\x1d2mRQ\xea\x90\xa0m#\xa4\x1dy\x9d\xe9\xfa\x06\xa27\x9d;\xe4\xb4\x86\xa7&\xa9c6\x1b\x8d\xa6$\x82\x1b\x9a\x82\xc0o/\x8c\x97\xb9BJh\x9f\xb2\"\x95j\xd7PN\x89\x7f\xc8AB\xc7}T\xbe\xf1\xe7\xe2\xad\xdd\xc2\xb7\xe8Ac*v\xf7\x16\x8fe\xef\x84\xf5k\xa9\xeb\xebt\xc3\xf1f\xca\x04*\xec\xfa\xe5b\xeb\xb4\x99\xefSv\x82\xe2\xe3\x02)sP%Z\xad\x83\xda\xbe2\xa9\xf2\x04\xda\nU\x84\xc2\xe3E\xc1\xd8L\xb1r\xb0\xdaH\xf2{\xf6~\x0f\xb9\xdd.\x06W\xd7\x1dG<\x1e\f2c\xf4\xa0d\x11\x88\xee\xcc\x18(\rap\x98?\xb1$\xe9\xe9+\xa6\xfb\xb1\xc61\xf1\xe7m\x91]]\xb26\xbfA\x86\f\xda\fi\xc8\xefl&*\"_^5\xd1 H\x17\xf0\xa7\x83}\x92W\xeb\xe5\xa3\xcc\a\x10dxb\xc2\x13mNP\xac]\xc2\xc1\xa8\x1df_\xcax\xbd\xf4m\x1e\x18occU\xb6\\\xf5\xf3\xeb\xa3\x98\f1\x8b\x99\xf0P\x8e\x1b\xe3\x9e\xb9\x0f\xf9\xb0\xadd\x9d=d\x94\xec\xceQx\xdb\xf6zG!3\xd7\x05\xf0=k\xb7vo?1H\x86\x192\xb2&\xa5\x9d\xd7\xbc\x85\a\xfer\x14\x0e\xd9=\xa6\xa1\x03cz>R\x11\xba\xf9\x17\r\x98\ap\xda-\xb0R\t\x93.r/\xce\xa4\rK\xcb\x1aO\x03z$\xbeYvYn\xddI\xe7\x13\x8f\x15\xefL\xba`\x9d\xea\xed\xf0)s\x12r\x9b\xf2&\xf2-\xc6\xec\x96\x19\xc9\xd7\xda\x06\xba\x87\x18\xef+\xcdp\x95\xef\xd9\xb9s\x8b\xf3\x8b\x88<\xa0\xa3\xad\x8c\xaf&iMM\xc5>\xa7v\x17\xdf \xca\x86#\xa7*\xecl\xbfp\xc3x\xc3\xc1r\xbe7\xb5\xa3\xf11[`\xcb7z\xa0P\xd5p\xe9\xddC\xc0\x80=\xd9y\x01\x1c\xe7\x1cdN\xd5x\x89\xc9\xc0\xc4{\x01\xa6o\x9ceZ\xe1\xfa0?\x94\x1f\x9aQ\xf0Lf\x1e\x17A@\x06\x89\xadg+$/V\r\xc9oQ=k\xa0\xa6\\\x00\x99\x94\x10dy\x7f\xd1\xd2\xd04\x96\b\x80/\x9a\xfc\a\'\x83\xb8\xcd\xb1\xf5#\tr\xb4\xc4\x929\x01\xee\xe6\n\x8ba\xde\xdbsAzG\xe86\xfe\x83\x1d\xb3K2\xf0\x8f\xde\x85\x00M&\x00\x00O\x86\xec2/\xea\xe6$(L\x85\xf8Y\xcf,\xa3\x87^\xe1\xd8F\xe4AJ\xaa\x1f\xe9\xff?\x9aF\x97M\x80\xe9LR\xdc\x9f~\xce\xb5\xef\x14M\f#>O\xb44LB\xc6a\x82\xc5\x107\xae\xdb\v\xf7\xc4k\xab\xf8:\x1fj\xa2vf)\xee\xab\xb3C\x92\x8e\x80\xb1\x01\x85\xb1v\xae*\xa7])n)+\xd9\xcf\xe9\x9ag\x8a*u\xe4e?\xf9\x93\x93u\xd2M\xfd\xa1\xc5\xff\xd9\x15-\xabH\x90\x04\xea\x88\"\xfe\v\x1d\xa5}H\xee\xc7\x94\xdb\x02\xf7\t\x92\t5\x1e\xd6~R\x9e\xb5NV)\xa6\x1ff\xde\xbf\x97V\x87\v\x94\xb4\xb0\x7f3\xa3\x85c=\xb0\x8ab\x06\xfa\xe9\xb3\x1d\xc9.\x8br\xf9\xde\xd6\xe6\x14O\xc8\xff3ZA\xea\xd4\xa9]7\xd8\xed\xc6\xdf\x01\xb3\n8\xbf\xbe\x1e\v\x18\xd9\xb3+X4\xb5S\xe7\xf6oO;\xc5\xc8-\x9e\xb5\xbe\x97\xb4k\xd2n\xfa\xd1\x82\x16\xea\x93\xc7\xb3?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb7\xf2K\xe9\xcf\xc6y\xb00\xe0\xa0\f\xef\x02\xd5 (S\xffhY\"\x83\x05M\x0f\v\xec0B\xa9\xd7\x80\xdaL\xa2Q\x8c\xde\x17* \xf5)tk\xb6\xb9\x86?\x1a\xff\xdc\xecP\xd1w1\xf4a\x00r\x06,\x86S\x11)\xf4\x16W\xd6\x86\x10\x02\x15mod\x854\xd4\'^\xb6\xe9f\xd6:\xfc5%\x16\xc5\xa5\xf1\x11k\xdd{\xaai\x8a\xde\xa6\x18,H\xd8\xe5\xf5g\xe7U\\(\x01\xc5\xde\x1d\x8acHf\x86`9qV|=\xbb\xd1\x95\x0f\x86\xffa\xb1\xdb\x82l\xc3\xcf\x88\xeeJ\xda\x8b0f\xac\xc2n\xd1\')\xf2\xaf\xc0\x06\x01\xb4b\xef\xa8!\xf9\n\xf7{C\xdc`h\b6>\x171\x16\x89\xa8\xe9OC\x7f\xb1\x1c\xd4\xd5\xa7\x7f\xfd\xa8Y\xf0s_\xfb\x00'}]}, 0x484) close(0xffffffffffffffff) unshare(0x60070000) syz_mount_image$fuse(0x0, &(0x7f0000000e80)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$bind(&(0x7f0000000300)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, 0x23d0ce, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x58) r5 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) renameat(r5, &(0x7f0000001380)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r5, &(0x7f00000001c0)='./file0\x00') r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r6, &(0x7f0000002d40)={0x0, 0x0, &(0x7f0000002d00)={&(0x7f0000002cc0)={0x28, 0x2, 0x3, 0x401, 0x0, 0x0, {}, [@NFQA_CFG_PARAMS={0x9}, @NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x28}}, 0x0) execve(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)=[&(0x7f0000000340)='gcB\xc6+\xbf\xcc_\x81 \xd5\xb9\x93L9\x87\x84K\xb9!\x0eX czg\x14\xec*\xed\xa6u\xc4\x14*\xdb_\xe8\\\x96\f\xa6)\v\xf9 \xddb|\xe7\x14\x82\xc3\x90\xf9\r?i\x86Lpw\xba\xe1\v\x1a9G\x04\fpfP\xcf\xee<:C\x1e\\\x1f&\xaf\xea?\x91\a\xea\x8d\x05\x83aJ\xf0v\xc0q\x84\x93il\v\x03\b\xadT\a\x14\xd7\xd5u\x84\x82\xb2\xd4(\x1d\x04\xf2\v\xe9\x8a\xdfU\xd1\x1f\x9b\x1d2mRQ\xea\x90\xa0m#\xa4\x1dy\x9d\xe9\xfa\x06\xa27\x9d;\xe4\xb4\x86\xa7&\xa9c6\x1b\x8d\xa6$\x82\x1b\x9a\x82\xc0o/\x8c\x97\xb9BJh\x9f\xb2\"\x95j\xd7PN\x89\x7f\xc8AB\xc7}T\xbe\xf1\xe7\xe2\xad\xdd\xc2\xb7\xe8Ac*v\xf7\x16\x8fe\xef\x84\xf5k\xa9\xeb\xebt\xc3\xf1f\xca\x04*\xec\xfa\xe5b\xeb\xb4\x99\xefSv\x82\xe2\xe3\x02)sP%Z\xad\x83\xda\xbe2\xa9\xf2\x04\xda\nU\x84\xc2\xe3E\xc1\xd8L\xb1r\xb0\xdaH\xf2{\xf6~\x0f\xb9\xdd.\x06W\xd7\x1dG<\x1e\f2c\xf4\xa0d\x11\x88\xee\xcc\x18(\rap\x98?\xb1$\xe9\xe9+\xa6\xfb\xb1\xc61\xf1\xe7m\x91]]\xb26\xbfA\x86\f\xda\fi\xc8\xefl&*\"_^5\xd1 H\x17\xf0\xa7\x83}\x92W\xeb\xe5\xa3\xcc\a\x10dxb\xc2\x13mNP\xac]\xc2\xc1\xa8\x1df_\xcax\xbd\xf4m\x1e\x18occU\xb6\\\xf5\xf3\xeb\xa3\x98\f1\x8b\x99\xf0P\x8e\x1b\xe3\x9e\xb9\x0f\xf9\xb0\xadd\x9d=d\x94\xec\xceQx\xdb\xf6zG!3\xd7\x05\xf0=k\xb7vo?1H\x86\x192\xb2&\xa5\x9d\xd7\xbc\x85\a\xfer\x14\x0e\xd9=\xa6\xa1\x03cz>R\x11\xba\xf9\x17\r\x98\ap\xda-\xb0R\t\x93.r/\xce\xa4\rK\xcb\x1aO\x03z$\xbeYvYn\xddI\xe7\x13\x8f\x15\xefL\xba`\x9d\xea\xed\xf0)s\x12r\x9b\xf2&\xf2-\xc6\xec\x96\x19\xc9\xd7\xda\x06\xba\x87\x18\xef+\xcdp\x95\xef\xd9\xb9s\x8b\xf3\x8b\x88<\xa0\xa3\xad\x8c\xaf&iMM\xc5>\xa7v\x17\xdf \xca\x86#\xa7*\xecl\xbfp\xc3x\xc3\xc1r\xbe7\xb5\xa3\xf11[`\xcb7z\xa0P\xd5p\xe9\xddC\xc0\x80=\xd9y\x01\x1c\xe7\x1cdN\xd5x\x89\xc9\xc0\xc4{\x01\xa6o\x9ceZ\xe1\xfa0?\x94\x1f\x9aQ\xf0Lf\x1e\x17A@\x06\x89\xadg+$/V\r\xc9oQ=k\xa0\xa6\\\x00\x99\x94\x10dy\x7f\xd1\xd2\xd04\x96\b\x80/\x9a\xfc\a\'\x83\xb8\xcd\xb1\xf5#\tr\xb4\xc4\x929\x01\xee\xe6\n\x8ba\xde\xdbsAzG\xe86\xfe\x83\x1d\xb3K2\xf0\x8f\xde\x85\x00M&\x00\x00O\x86\xec2/\xea\xe6$(L\x85\xf8Y\xcf,\xa3\x87^\xe1\xd8F\xe4AJ\xaa\x1f\xe9\xff?\x9aF\x97M\x80\xe9LR\xdc\x9f~\xce\xb5\xef\x14M\f#>O\xb44LB\xc6a\x82\xc5\x107\xae\xdb\v\xf7\xc4k\xab\xf8:\x1fj\xa2vf)\xee\xab\xb3C\x92\x8e\x80\xb1\x01\x85\xb1v\xae*\xa7])n)+\xd9\xcf\xe9\x9ag\x8a*u\xe4e?\xf9\x93\x93u\xd2M\xfd\xa1\xc5\xff\xd9\x15-\xabH\x90\x04\xea\x88\"\xfe\v\x1d\xa5}H\xee\xc7\x94\xdb\x02\xf7\t\x92\t5\x1e\xd6~R\x9e\xb5NV)\xa6\x1ff\xde\xbf\x97V\x87\v\x94\xb4\xb0\x7f3\xa3\x85c=\xb0\x8ab\x06\xfa\xe9\xb3\x1d\xc9.\x8br\xf9\xde\xd6\xe6\x14O\xc8\xff3ZA\xea\xd4\xa9]7\xd8\xed\xc6\xdf\x01\xb3\n8\xbf\xbe\x1e\v\x18\xd9\xb3+X4\xb5S\xe7\xf6oO;\xc5\xc8-\x9e\xb5\xbe\x97\xb4k\xd2n\xfa\xd1\x82\x16\xea\x93\xc7\xb3?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb7\xf2K\xe9\xcf\xc6y\xb00\xe0\xa0\f\xef\x02\xd5 (S\xffhY\"\x83\x05M\x0f\v\xec0B\xa9\xd7\x80\xdaL\xa2Q\x8c\xde\x17* \xf5)tk\xb6\xb9\x86?\x1a\xff\xdc\xecP\xd1w1\xf4a\x00r\x06,\x86S\x11)\xf4\x16W\xd6\x86\x10\x02\x15mod\x854\xd4\'^\xb6\xe9f\xd6:\xfc5%\x16\xc5\xa5\xf1\x11k\xdd{\xaai\x8a\xde\xa6\x18,H\xd8\xe5\xf5g\xe7U\\(\x01\xc5\xde\x1d\x8acHf\x86`9qV|=\xbb\xd1\x95\x0f\x86\xffa\xb1\xdb\x82l\xc3\xcf\x88\xeeJ\xda\x8b0f\xac\xc2n\xd1\')\xf2\xaf\xc0\x06\x01\xb4b\xef\xa8!\xf9\n\xf7{C\xdc`h\b6>\x171\x16\x89\xa8\xe9OC\x7f\xb1\x1c\xd4\xd5\xa7\x7f\xfd\xa8Y\xf0s_\xfb\x00', &(0x7f0000000c40)='gcB\xc6+\xbf\xcc_\x81 \xd5\xb9\x93L9\x87\x84K\xb9!\x0eX czg\x14\xec*\xed\xa6u\xc4\x14*\xdb_\xe8\\\x96\n\xa6)\v\xf9 \xddb|\xe7\x14\x82\xc3\x90\xf9\r?i\x86Lpw\xba\xe1\v\x1a9G\x04\fpfP\xcf\xee<:C\x1e\\\x1f&\xaf\xea?\x91\a\xea\x8d\x05\x83aJ\xf0v\xc0q\x84\x93il\v\x03\b\xadT\a\x14\xd7\xd5u\x84\x82\xb2\xd4(\x1d\x04\xf2\v\xe9\x8a\xdfU\xd1\x1f\x9b\x1d2mRQ\xea\x90\xa0m#\xa4\x1dy\x9d\xe9\xfa\x06\xa27\x9d;\xe4\xb4\x86\xa7&\xa9c6\x1b\x8d\xa6$\x82\x1b\x9a\x82\xc0o/\x8c\x97\xb9BJh\x9f\xb2\"\x95j\xd7PN\x89\x7f\xc8AB\xc7}T\xbe\xf1\xe7\xe2\xad\xdd\xc2\xb7\xe8Ac*v\xf7\x16\x8fe\xef\x84\xf5k\xa9\xeb\xebt\xc3\xf1f\xca\x04*\xec\xfa\xe5b\xeb\xb4\x99\xefSv\x82\xe2\xe3\x02)sP%Z\xad\x83\xda\xbe2\xa9\xf2\x04\xda\nU\x84\xc2\xe3E\xc1\xd8L\xb1r\xb0\xdaH\xf2{\xf6~\x0f\xb9\xdd.\x06W\xd7\x1dG<\x1e\f2c\xf4\xa0d\x11\x88\xee\xcc\x18(\rap\x98?\xb1$\xe9\xe9+\xa6\xfb\xb1\xc61\xf1\xe7m\x91]]\xb26\xbfA\x86\f\xda\fi\xc8\xefl&*\"_^5\xd1 H\x17\xf0\xa7\x83}\x92W\xeb\xe5\xa3\xcc\a\x10dxb\xc2\x13mNP\xac]\xc2\xc1\xa8\x1df_\xcax\xbd\xf4m\x1e\x18occU\xb6\\\xf5\xf3\xeb\xa3\x98\f1\x8b\x99\xf0P\x8e\x1b\xe3\x9e\xb9\x0f\xf9\xb0\xadd\x9d=d\x94\xec\xceQx\xdb\xf6zG!3\xd7\x05\xf0=k\xb7vo?1H\x86\x192\xb2&\xa5\x9d\xd7\xbc\x85\a\xfer\x14\x0e\xd9=\xa6\xa1\x03cz>R\x11\xba\xf9\x17\r\x98\ap\xda-\xb0R\t\x93.r/\xce\xa4\rK\xcb\x1aO\x03z$\xbeYvYn\xddI\xe7\x13\x8f\x15\xefL\xba`\x9d\xea\xed\xf0)s\x12r\x9b\xf2&\xf2-\xc6\xec\x96\x19\xc9\xd7\xda\x06\xba\x87\x18\xef+\xcdp\x95\xef\xd9\xb9s\x8b\xf3\x8b\x88<\xa0\xa3\xad\x8c\xaf&iMM\xc5>\xa7v\x17\xdf \xca\x86#\xa7*\xecl\xbfp\xc3x\xc3\xc1r\xbe7\xb5\xa3\xf11[`\xcb7z\xa0P\xd5p\xe9\xddC\xc0\x80=\xd9y\x01\x1c\xe7\x1cdN\xd5x\x89\xc9\xc0\xc4{\x01\xa6o\x9ceZ\xe1\xfa0?\x94\x1f\x9aQ\xf0Lf\x1e\x17A@\x06\x89\xadg+$/V\r\xc9oQ=k\xa0\xa6\\\x00\x99\x94\x10dy\x7f\xd1\xd2\xd04\x96\b\x80/\x9a\xfc\a\'\x83\xb8\xcd\xb1\xf5#\tr\xb4\xc4\x929\x01\xee\xe6\n\x8ba\xde\xdbsAzG\xe86\xfe\x83\x1d\xb3K2\xf0\x8f\xde\x85\x00M&\x00\x00O\x86\xec2/\xea\xe6$(L\x85\xf8Y\xcf,\xa3\x87^\xe1\xd8F\xe4AJ\xaa\x1f\xe9\xff?\x9aF\x97M\x80\xe9LR\xdc\x9f~\xce\xb5\xef\x14M\f#>O\xb44LB\xc6a\x82\xc5\x107\xae\xdb\v\xf7\xc4k\xab\xf8:\x1fj\xa2vf)\xee\xab\xb3C\x92\x8e\x80\xb1\x01\x85\xb1v\xae*\xa7])n)+\xd9\xcf\xe9\x9ag\x8a*u\xe4e?\xf9\x93\x93u\xd2M\xfd\xa1\xc5\xff\xd9\x15-\xabH\x90\x04\xea\x88\"\xfe\v\x1d\xa5}H\xee\xc7\x94\xdb\x02\xf7\t\x92\t5\x1e\xd6~R\x9e\xb5NV)\xa6\x1ff\xde\xbf\x97V\x87\v\x94\xb4\xb0\x7f3\xa3\x85c=\xb0\x8ab\x06\xfa\xe9\xb3\x1d\xc9.\x8br\xf9\xde\xd6\xe6\x14O\xc8\xff3ZA\xea\xd4\xa9]7\xd8\xed\xc6\xdf\x01\xb3\n8\xbf\xbe\x1e\v\x18\xd9\xb3+X4\xb5S\xe7\xf6oO;\xc5\xc8-\x9e\xb5\xbe\x97\xb4k\xd2n\xfa\xd1\x82\x16\xea\x93\xc7\xb3?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb7\xf2K\xe9\xcf\xc6y\xb00\xe0\xa0\f\xef\x02\xd5 (S\xffhY\"\x83\x05M\x0f\v\xec0B\xa9\xd7\x80\xdaL\xa2Q\x8c\xde\x17* \xf5)tk\xb6\xb9\x86?\x1a\xff\xdc\xecP\xd1w1\xf4a\x00r\x06,\x86S\x11)\xf4\x16W\xd6\x86\x10\x02\x15mod\x854\xd4\'^\xb6\xe9f\xd6:\xfc5%\x16\xc5\xa5\xf1\x11k\xdd{\xaai\x8a\xde\xa6\x18,H\xd8\xe5\xf5g\xe7U\\(\x01\xc5\xde\x1d\x8acHf\x86`9qV|=\xbb\xd1\x95\x0f\x86\xffa\xb1\xdb\x82l\xc3\xcf\x88\xeeJ\xda\x8b0f\xac\xc2n\xd1\')\xf2\xaf\xc0\x06\x01\xb4b\xef\xa8!\xf9\n\xf7{C\xdc`h\b6>\x171\x16\x89\xa8\xe9OC\x7f\xb1\x1c\xd4\xd5\xa7\x7f\xfd\xa8Y\xf0s_\xfb\x00'], 0x0) socket$inet6(0xa, 0x2, 0x0) 393.61996ms ago: executing program 4: syz_mount_image$ext4(&(0x7f0000000400)='ext3\x00', &(0x7f0000000000)='./file0\x00', 0x44018, &(0x7f0000000100), 0x3, 0x540, &(0x7f0000000980)="$eJzs3d9rZFcdAPDvnZ3JJrvZJlUftNBabWW36M5sGtsGH2oFUV8KYn1fYzIbwk4yITNpN6Fo8hcIIir4pC++CP4Bgiz44qMIBX1WqCiiuwoqaK/MzJ0kTO4ks+0ks5l8PnD3nvvz+z2zOWfunTncCeDCejYiXouI99I0fSEiZrL1hWyK3c7U2u/hg7eXHv4nTdNI0zf+lkSSreueK8nmV7PDJiPia1+O+GZ3w8RB3Mb2zt3FWq26mS1Xmmsblcb2zs3VtcWV6kp1fX5+7uWFVxZeWrg1lHpei4hXv/in73/np1969ZefeeuPt/9y41uttKaz7Yfr8YiKx23sVL10ebLngM33Gezx06lZqbs4NdhRe6eWDwAAx2ld438oIj4ZES/ETFw6/nIWAAAAOIfSz0/Hf5OINN9En/UAAADAOVJoj4FNCuVsLMB0FArlcmcM70fiSqFWbzQ/fae+tb7cGSs7G6XCndVa9VY2Vng2Sklrea5dPlh+sWd5PiKejIjvzUy1l8tL9dryqD/8AAAAgAvias/9/z9nOvf/AAAAwJiZHXUCAAAAwKlz/w8AAADjz/0/AAAAjLWvvv56a0q7v3+9/Ob21t36mzeXq4275bWtpfJSfXOjvFKvr7Sf2bd20vlq9frGZ2N9616lWW00K43tndtr9a315u3VmDyTCgEAAABHPPnx+79PImL3c1PtqWVi1EkBZ6K4X0qyeU7r/8MTnfm7Z5QUcCYuDbDPu5fz17tOgPOt2LuiT1sHxk9p1AkAI5ecsL3v4J3fZPNPDDcfAABg+K5/LP/7/5O/F9gtnEF6wCnSiOHi6nmfT2cGP3Rq6MkAZ6r9/f+gA3lcLMBYKQ00AhAYZx/4+/8TpekjJQQAAAzddHtKCuXs473pKBTK5Yhr7Z8FKCV3VmvVWxHxRET8bqZ0ubU81z4yOfGeAQAAAAAAAAAAAAAAAAAAAAAAAADoSNMkUgAAAGCsRRT+nPyq8yz/6zPPT/d+PjCR/Lv9k8ATEfHWj974wb3FZnNzrrX+7/vrmz/M1r84ik8wAAAAgF7d+/T2/F+jzgYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAcfPwwdtL3WmA3aeGFfevX4iI2bz4xZhszyejFBFX/pFE8dBxSURcGkL83b2I+Ghe/KSV1n7IvPjDeBFOiB+z2avQG7/l6hDiw0V2v9X/vJbX/grxbHue3/6KEUfa4/vRv/+L/f7vUp/+59qAMZ565+eVvvH3Ip4q5vc/3fhJn/jPDRj/G1/f2em3Lf1xxPXu+0+7xzsc4aBUaa5tVBrbOzdX1xZXqivV9fn5uZcXXll4aeFW5c5qrZr9mxvju0//4r3j6n8l9/0vybLpX//nc86X9570v3fuPfhwd2H3aPwbz+XE//VPsj2Oxi9kcT6VlVvbr3fLu53yYc/87LfPHFf/5YP6lx7l//9Gv5P2OtJQnh70TwcAOAWN7Z27i7VadfP8FfYG27l1lz7qVBUez8K3h3rCNE3TVpvK2XQ/IgY5TxJDrmkhP5+DQt8eYNQ9EwAAMGzZRX8UG6POBAAAAAAAAAAAAAAAAAAAAC6us3jKWm/M7BHIX4lIhvEIbQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAofh/AAAA//8W7NXD") r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000500)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc6751dfb265a0e3ccae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce935b0f327cb3f011a2fd52347125907000000000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7511d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df262ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71d20fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d131c2e1f24ed200ada12f7a1525320e716660000000000b02b001500a710eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d3294000000000000000000000000000000000000000000000000000000000000000000000000c52f4ebd2c893bb97a068bd10738d3c9f7a98eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18a904c0e585a66c3b84b138efc20a546d3d5227e23b03f2a834391ad24fe977076ce7d9b20cf92cb151763d41f5c76e2ff3e93ee296c4082ee73e7e197253a2b66c353312c9d75711ce1623e9c54bdff59d1a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1c77a211bfa02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc084275ad10727522934a87a4ddcdb112754ca5bdec0ead14b6c0f19a4b126bbe0c2b8c9ff68236c8600000000000000000000000066e034c81c3cab4e33fc8dc5484ea9f56f030b636626aa035ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f2243471221c158ae8f44bfbfa7c2730302b66a99f66705b71e6205e7cbf36435e1eabb9a63fcd604d5cc27e1317ad94cf438d7187a2fe4e06fa6cbf84ef1efa82cb2c4af6bd1370616cdbe2b98fd89b79824ba089df1f81e6fcef073059f5f1d6a221d791839d7826ed1759c2153532c393fd1b"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x6}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r1 = socket$packet(0x11, 0x2, 0x300) sendmsg$NL80211_CMD_UPDATE_CONNECT_PARAMS(0xffffffffffffffff, &(0x7f0000001a00)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000019c0)={&(0x7f0000001780)={0x214, 0x0, 0x200, 0x70bd25, 0x25dfdbfb, {{}, {@val={0x8}, @val={0xc, 0x99, {0x3, 0x7a}}}}, [@NL80211_ATTR_IE={0xe0, 0x2a, [@random_vendor={0xdd, 0xaf, "77b71d5639d622a7fa9ca9b8779da370ff877309135af228f35f4ded28220923a0a6d34b0d7f47c2c80fdeb7e436ddde5023c5f2203fe73ca9eee078b9b3348c3317f4def9be9fa8cbedbf825ac98132dd976c0f0effa24bc9b5be7ac453923437a0efe40c73f88f39444acf4bb481bacc70ab8f6ef57039c69e5f14ff2a8b11cfff8bf51e0300510d4a26e4fc3bf943d53da69043ae8b282c265adfe2da00f1ea0ef4bb1ad76020794f27d62966ae"}, @link_id={0x65, 0x12, {@random="ef4eaf636d06", @broadcast, @broadcast}}, @rann={0x7e, 0x15, {{0x1, 0x8}, 0x0, 0x48, @device_a, 0x80000000, 0x2, 0x1fffe0}}]}, @fils_params=[@NL80211_ATTR_FILS_ERP_RRK={0x1b, 0xfc, "775a9f2440c2a86ef08cf167b57ca1716a0efa8983f838"}, @NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0x4}, @NL80211_ATTR_FILS_ERP_REALM={0xdd, 0xfa, "73e31ecc60bd36a7cd3dc7d5de74c06dad366b3ad75b4e341010eec8d4b353c31b46f2ca3d26c220a8fd5c7986dfcad3033ad80367fd99b7cea28285ee90d8d6795cc6fac7f69ec8ab720831d01d4f8a891f8cb240318b16658d11d6fc2500d0f0eb89066b9940fdfd3e6d2a68ad29916d14bf4e3b7ad41289bb12be8d617735e415baee67deea0246183a44b1bc599c8f6cd3c809864b36390b54caac39b5a6b4f4c1e3d13aa4cfdec24d3e324a596a13b314f10a6b056f37372dd73288169c6ff9c9e554e26494667c2875ed54b1e221adf33f8f8181c96a"}, @NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0xff}]]}, 0x214}, 0x1, 0x0, 0x0, 0x44}, 0x20000800) bind$packet(r1, &(0x7f0000001a40)={0x11, 0xf5, 0x0, 0x1, 0x2, 0x6, @remote}, 0x6f) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) bind$packet(r1, &(0x7f00000000c0)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @local}, 0x14) syz_emit_ethernet(0x16, &(0x7f00000005c0)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa0010005870c5c6000000"], 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) getxattr(&(0x7f0000000180)='./cgroup/file0\x00', 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r5, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) r7 = getpid() process_vm_readv(r7, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0xffffff3b}], 0x2, &(0x7f0000008640)=[{&(0x7f0000000000)=""/95, 0x7ffff000}], 0x286, 0x0) 0s ago: executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000300)=ANY=[@ANYBLOB="0600000000000000e1"]) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.196' (ED25519) to the list of known hosts. 2024/06/13 02:10:26 fuzzer started 2024/06/13 02:10:26 dialing manager at 10.128.0.163:30000 [ 21.047888][ T23] audit: type=1400 audit(1718244626.590:66): avc: denied { node_bind } for pid=344 comm="syz-fuzzer" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 21.068376][ T23] audit: type=1400 audit(1718244626.590:67): avc: denied { name_bind } for pid=344 comm="syz-fuzzer" src=6060 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 21.119116][ T351] cgroup1: Unknown subsys name 'net' [ 21.124251][ T23] audit: type=1400 audit(1718244626.660:68): avc: denied { mounton } for pid=351 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 21.125700][ T351] cgroup1: Unknown subsys name 'net_prio' [ 21.153138][ T23] audit: type=1400 audit(1718244626.660:69): avc: denied { mount } for pid=351 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.158704][ T355] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 21.175235][ T23] audit: type=1400 audit(1718244626.670:70): avc: denied { setattr } for pid=357 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=9886 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 21.207128][ T351] cgroup1: Unknown subsys name 'devices' [ 21.216285][ T23] audit: type=1400 audit(1718244626.700:71): avc: denied { mounton } for pid=358 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 21.241143][ T23] audit: type=1400 audit(1718244626.700:72): avc: denied { mount } for pid=358 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 21.264625][ T23] audit: type=1400 audit(1718244626.760:73): avc: denied { unmount } for pid=351 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.284333][ T23] audit: type=1400 audit(1718244626.760:74): avc: denied { relabelto } for pid=355 comm="mkswap" name="swap-file" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.309953][ T23] audit: type=1400 audit(1718244626.760:75): avc: denied { write } for pid=355 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.351569][ T352] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 21.374286][ T351] cgroup1: Unknown subsys name 'hugetlb' [ 21.380019][ T351] cgroup1: Unknown subsys name 'rlimit' 2024/06/13 02:10:27 starting 5 executor processes [ 21.989534][ T369] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.996442][ T369] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.004049][ T369] device bridge_slave_0 entered promiscuous mode [ 22.014871][ T370] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.021961][ T370] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.029325][ T370] device bridge_slave_0 entered promiscuous mode [ 22.039546][ T370] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.046494][ T370] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.053894][ T370] device bridge_slave_1 entered promiscuous mode [ 22.065722][ T369] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.072638][ T369] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.079926][ T369] device bridge_slave_1 entered promiscuous mode [ 22.115700][ T371] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.122574][ T371] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.129724][ T371] device bridge_slave_0 entered promiscuous mode [ 22.137174][ T371] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.144018][ T371] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.151397][ T371] device bridge_slave_1 entered promiscuous mode [ 22.230440][ T372] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.237357][ T372] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.244653][ T372] device bridge_slave_0 entered promiscuous mode [ 22.263685][ T373] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.270517][ T373] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.277924][ T373] device bridge_slave_0 entered promiscuous mode [ 22.290791][ T372] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.297682][ T372] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.304967][ T372] device bridge_slave_1 entered promiscuous mode [ 22.319055][ T373] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.325921][ T373] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.333280][ T373] device bridge_slave_1 entered promiscuous mode [ 22.457976][ T370] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.464835][ T370] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.472018][ T370] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.478916][ T370] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.494561][ T371] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.501393][ T371] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.508543][ T371] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.515298][ T371] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.562682][ T369] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.569512][ T369] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.576667][ T369] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.583508][ T369] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.599234][ T372] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.606089][ T372] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.613206][ T372] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.619956][ T372] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.647038][ T373] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.653898][ T373] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.661007][ T373] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.667793][ T373] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.697864][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.706209][ T376] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.713476][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.720784][ T376] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.728145][ T376] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.735359][ T376] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.742738][ T376] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.749676][ T376] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.756949][ T376] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.764113][ T376] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.771133][ T376] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.778097][ T376] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.803522][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.811565][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.818414][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.826173][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.834223][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.841032][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.848273][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.856244][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.863249][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.870371][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.878319][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.885146][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.901769][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.909338][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.917525][ T74] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.924374][ T74] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.931521][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.939834][ T74] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.946675][ T74] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.966400][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 22.974460][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.981612][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 22.989252][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.003346][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 23.011287][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.019478][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 23.027955][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.036160][ T124] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.043012][ T124] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.050159][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 23.058069][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.065941][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 23.074161][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.082277][ T124] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.089086][ T124] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.102430][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 23.110642][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.118849][ T74] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.125788][ T74] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.133214][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 23.141329][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.149676][ T74] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.156608][ T74] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.183355][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 23.191485][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.199450][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 23.208438][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.216572][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 23.224467][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.232279][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 23.240044][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.261723][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 23.269699][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.278212][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 23.286236][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.294479][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 23.302701][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.310425][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 23.318622][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.339117][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.375624][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.384096][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.391920][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.399637][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.408730][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.417314][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.425258][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.433786][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.442276][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.450543][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.458604][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.466515][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.476219][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.484344][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.493139][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.501169][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.509498][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.517762][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.530701][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.539188][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.563534][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.595029][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.606985][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.615271][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.654299][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.662943][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.670803][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.679356][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.688855][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.697612][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.706395][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.714998][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.731015][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.746948][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.762278][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.770488][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.806852][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.815290][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.823805][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.832893][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.841266][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.850180][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.858989][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.867400][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.252530][ T74] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 24.434675][ T420] syz-executor.0 (pid 420) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 24.479033][ T420] fscrypt: AES-128-CTS-CBC using implementation "cts(cbc-aes-aesni)" [ 24.512191][ T74] usb 4-1: Using ep0 maxpacket: 16 [ 24.551218][ T420] fscrypt: AES-128-CBC-ESSIV using implementation "essiv(cbc-aes-aesni,sha256-avx2)" [ 24.589274][ T433] syz-executor.1 (433) used greatest stack depth: 20760 bytes left [ 24.622048][ T435] FAT-fs (loop1): Unrecognized mount option "SQ*“^ål•­õW@ " or missing value [ 24.661954][ T74] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 24.670973][ T74] usb 4-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 24.680829][ T74] usb 4-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 24.690554][ T74] usb 4-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 24.700540][ T74] usb 4-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 24.711282][ T74] usb 4-1: config 1 interface 0 has no altsetting 0 [ 24.717939][ T74] usb 4-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 24.727239][ T74] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 24.839527][ T74] ums-sddr09 4-1:1.0: USB Mass Storage device detected [ 24.867264][ T438] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 25.245067][ T453] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 25.262741][ T74] scsi host1: usb-storage 4-1:1.0 [ 25.435623][ T458] EXT4-fs (loop1): unsupported inode size: 264 [ 25.455508][ T458] EXT4-fs (loop1): blocksize: 1024 [ 25.668896][ T448] ====================================================== [ 25.668896][ T448] WARNING: the mand mount option is being deprecated and [ 25.668896][ T448] will be removed in v5.15! [ 25.668896][ T448] ====================================================== [ 25.696532][ T448] F2FS-fs (loop0): Invalid log sectorsize (67108873) [ 25.703242][ T448] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 25.773872][ T448] F2FS-fs (loop0): invalid crc value [ 25.784449][ T448] F2FS-fs (loop0): Found nat_bits in checkpoint [ 25.808942][ T448] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 25.812875][ T473] FAT-fs (loop2): Unrecognized mount option "SQ*“^ål•­õW@ " or missing value [ 25.818578][ T448] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 26.051601][ T431] udevd[431]: inotify_add_watch(7, /dev/loop11, 10) failed: No such file or directory [ 26.149507][ T23] kauditd_printk_skb: 64 callbacks suppressed [ 26.149516][ T23] audit: type=1400 audit(1718244631.690:140): avc: denied { append } for pid=446 comm="syz-executor.0" path="/root/syzkaller-testdir1040262625/syzkaller.G83q09/1/file0/bus" dev="loop0" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 26.269610][ T493] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 26.322646][ T392] scsi 1:0:0:0: Direct-Access Sandisk ImageMate SDDR09 0177 PQ: 0 ANSI: 0 [ 26.613584][ T392] usb 4-1: USB disconnect, device number 2 [ 26.631769][ T455] sddr09: could not read card info [ 26.636990][ T9] sd 1:0:0:0: [sdb] 0 512-byte logical blocks: (0 B/0 B) [ 26.644928][ T9] sd 1:0:0:0: [sdb] 0-byte physical blocks [ 26.651535][ T9] sd 1:0:0:0: [sdb] Write Protect is off [ 26.659736][ T9] sd 1:0:0:0: [sdb] Asking for cache data failed [ 26.666729][ T9] sd 1:0:0:0: [sdb] Assuming drive cache: write through [ 26.686874][ T9] sd 1:0:0:0: [sdb] Attached SCSI removable disk [ 26.757905][ T431] udevd[431]: inotify_add_watch(7, /dev/sdb, 10) failed: No such file or directory [ 27.390232][ T522] FAT-fs (loop2): Unrecognized mount option "SQ*“^ål•­õW@ " or missing value [ 27.515094][ T528] EXT4-fs (loop1): unsupported inode size: 264 [ 27.529273][ T528] EXT4-fs (loop1): blocksize: 1024 [ 27.603941][ T533] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 27.956048][ T23] audit: type=1326 audit(1718244633.500:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=527 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb23b27fea9 code=0x0 [ 28.112430][ T559] IPv6: addrconf: prefix option has invalid lifetime [ 28.255890][ T530] F2FS-fs (loop3): Invalid log sectorsize (67108873) [ 28.262571][ T530] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 28.272413][ T530] F2FS-fs (loop3): invalid crc value [ 28.279068][ T530] F2FS-fs (loop3): Found nat_bits in checkpoint [ 28.532423][ T376] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 28.551357][ T530] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 28.563822][ T530] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 28.781705][ T376] usb 5-1: Using ep0 maxpacket: 16 [ 29.001396][ T376] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 29.012662][ T376] usb 5-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 29.270184][ T376] usb 5-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 29.292091][ T376] usb 5-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 29.301787][ T376] usb 5-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 29.311382][ T376] usb 5-1: config 1 interface 0 has no altsetting 0 [ 29.317915][ T376] usb 5-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 29.326989][ T376] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 29.372371][ T376] ums-sddr09 5-1:1.0: USB Mass Storage device detected [ 29.391768][ T393] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 29.392877][ T585] FAT-fs (loop3): Unrecognized mount option "SQ*“^ål•­õW@ " or missing value [ 29.548696][ T598] IPv6: addrconf: prefix option has invalid lifetime [ 29.599954][ T376] scsi host1: usb-storage 5-1:1.0 [ 30.012407][ T393] usb 1-1: Using ep0 maxpacket: 8 [ 30.182591][ T23] audit: type=1400 audit(1718244635.640:142): avc: denied { connect } for pid=595 comm="syz-executor.3" lport=7 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 30.263805][ T23] audit: type=1400 audit(1718244635.650:143): avc: denied { write } for pid=595 comm="syz-executor.3" laddr=::1 lport=7 faddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 30.301855][ T393] usb 1-1: config 135 has an invalid interface number: 230 but max is 0 [ 30.310803][ T393] usb 1-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config [ 30.321003][ T393] usb 1-1: config 135 has no interface number 0 [ 30.327288][ T393] usb 1-1: config 135 interface 230 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 30.427334][ T608] EXT4-fs (loop1): unsupported inode size: 264 [ 30.436061][ T608] EXT4-fs (loop1): blocksize: 1024 [ 30.501796][ T393] usb 1-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a [ 30.510679][ T393] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 30.518493][ T393] usb 1-1: Product: syz [ 30.522498][ T393] usb 1-1: Manufacturer: syz [ 30.526865][ T393] usb 1-1: SerialNumber: syz [ 30.541908][ T23] audit: type=1326 audit(1718244636.090:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=607 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb23b27fea9 code=0x0 [ 30.642281][ T376] scsi 1:0:0:0: Direct-Access Sandisk ImageMate SDDR09 0177 PQ: 0 ANSI: 0 [ 30.711714][ T13] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 30.805946][ T613] F2FS-fs (loop2): Invalid log sectorsize (67108873) [ 30.806932][ T393] usb 1-1: USB disconnect, device number 2 [ 30.813053][ T613] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 30.827978][ T613] F2FS-fs (loop2): invalid crc value [ 30.835113][ T613] F2FS-fs (loop2): Found nat_bits in checkpoint [ 30.860423][ T613] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 30.867720][ T613] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 30.936816][ T124] usb 5-1: USB disconnect, device number 2 [ 30.951799][ T603] sddr09: could not read card info [ 30.956892][ T13] usb 4-1: Using ep0 maxpacket: 16 [ 30.962238][ T179] sd 1:0:0:0: [sdb] 0 512-byte logical blocks: (0 B/0 B) [ 30.969331][ T179] sd 1:0:0:0: [sdb] 0-byte physical blocks [ 30.975520][ T179] sd 1:0:0:0: [sdb] Write Protect is off [ 30.981076][ T179] sd 1:0:0:0: [sdb] Asking for cache data failed [ 30.987221][ T179] sd 1:0:0:0: [sdb] Assuming drive cache: write through [ 30.998288][ T179] sd 1:0:0:0: [sdb] Attached SCSI removable disk [ 31.014677][ T431] udevd[431]: inotify_add_watch(7, /dev/sdb, 10) failed: No such file or directory [ 31.091788][ T13] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 31.101718][ T13] usb 4-1: config 0 has no interfaces? [ 31.106970][ T13] usb 4-1: New USB device found, idVendor=1e7d, idProduct=31ce, bcdDevice= 0.00 [ 31.117287][ T13] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 31.126634][ T13] usb 4-1: config 0 descriptor?? [ 31.346380][ T23] audit: type=1400 audit(1718244636.890:145): avc: denied { read } for pid=630 comm="syz-executor.0" name="ppp" dev="devtmpfs" ino=214 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 31.369780][ T23] audit: type=1400 audit(1718244636.890:146): avc: denied { open } for pid=630 comm="syz-executor.0" path="/dev/ppp" dev="devtmpfs" ino=214 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 31.427204][ T611] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 31.623497][ T23] audit: type=1400 audit(1718244637.170:147): avc: denied { ioctl } for pid=630 comm="syz-executor.0" path="/dev/ppp" dev="devtmpfs" ino=214 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 31.675365][ T23] audit: type=1400 audit(1718244637.220:148): avc: denied { bind } for pid=637 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 31.738853][ T644] IPv6: addrconf: prefix option has invalid lifetime [ 31.839421][ T23] audit: type=1400 audit(1718244637.380:149): avc: denied { read } for pid=610 comm="syz-executor.3" name="event0" dev="devtmpfs" ino=9888 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 31.863227][ T23] audit: type=1400 audit(1718244637.380:150): avc: denied { open } for pid=610 comm="syz-executor.3" path="/dev/input/event0" dev="devtmpfs" ino=9888 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 32.513112][ T657] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 32.544080][ T124] usb 4-1: USB disconnect, device number 3 [ 32.672975][ T23] audit: type=1400 audit(1718244638.220:151): avc: denied { write } for pid=663 comm="syz-executor.0" name="binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 32.941767][ T13] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 33.082836][ T659] F2FS-fs (loop1): Invalid log sectorsize (67108873) [ 33.089438][ T659] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 33.102509][ T659] F2FS-fs (loop1): invalid crc value [ 33.130228][ T659] F2FS-fs (loop1): Found nat_bits in checkpoint [ 33.159626][ T659] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 33.166564][ T659] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 33.181727][ T376] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 33.181740][ T13] usb 3-1: Using ep0 maxpacket: 8 [ 33.321811][ T13] usb 3-1: config 135 has an invalid interface number: 230 but max is 0 [ 33.330220][ T13] usb 3-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config [ 33.340629][ T13] usb 3-1: config 135 has no interface number 0 [ 33.346923][ T13] usb 3-1: config 135 interface 230 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 33.431739][ T376] usb 5-1: Using ep0 maxpacket: 16 [ 33.531944][ T13] usb 3-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a [ 33.551889][ T376] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 33.560675][ T376] usb 5-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 33.560862][ T13] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 33.598326][ T13] usb 3-1: Product: syz [ 33.602504][ T13] usb 3-1: Manufacturer: syz [ 33.606897][ T13] usb 3-1: SerialNumber: syz [ 33.651738][ T376] usb 5-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 33.661341][ T376] usb 5-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 33.673581][ T376] usb 5-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 33.683418][ T376] usb 5-1: config 1 interface 0 has no altsetting 0 [ 33.689829][ T376] usb 5-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 33.698917][ T376] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 33.707179][ T695] IPv6: addrconf: prefix option has invalid lifetime [ 34.002030][ T543] usb 3-1: USB disconnect, device number 2 [ 34.016228][ T376] ums-sddr09 5-1:1.0: USB Mass Storage device detected [ 34.672678][ T376] scsi host1: usb-storage 5-1:1.0 [ 35.180199][ T23] audit: type=1400 audit(1718244640.720:152): avc: denied { setopt } for pid=713 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 35.421739][ T376] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 35.575538][ T23] audit: type=1400 audit(1718244641.120:153): avc: denied { create } for pid=729 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 35.614001][ T724] F2FS-fs (loop1): Invalid log sectorsize (67108873) [ 35.620569][ T724] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 35.630736][ T724] F2FS-fs (loop1): invalid crc value [ 35.637750][ T724] F2FS-fs (loop1): Found nat_bits in checkpoint [ 35.731775][ T23] audit: type=1400 audit(1718244641.250:154): avc: denied { prog_run } for pid=729 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 35.758278][ T724] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 35.765703][ T724] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 35.826378][ T376] usb 1-1: Using ep0 maxpacket: 16 [ 35.832225][ T543] scsi 1:0:0:0: Direct-Access Sandisk ImageMate SDDR09 0177 PQ: 0 ANSI: 0 [ 35.951797][ T376] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 35.971788][ T376] usb 1-1: config 0 has no interfaces? [ 35.977138][ T376] usb 1-1: New USB device found, idVendor=1e7d, idProduct=31ce, bcdDevice= 0.00 [ 35.990338][ T376] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 36.000547][ T376] usb 1-1: config 0 descriptor?? [ 36.123601][ T697] usb 5-1: USB disconnect, device number 3 [ 36.141723][ T707] sddr09: could not read card info [ 36.146832][ T9] sd 1:0:0:0: [sdb] 0 512-byte logical blocks: (0 B/0 B) [ 36.156426][ T9] sd 1:0:0:0: [sdb] 0-byte physical blocks [ 36.165630][ T9] sd 1:0:0:0: [sdb] Write Protect is off [ 36.172650][ T9] sd 1:0:0:0: [sdb] Asking for cache data failed [ 36.179513][ T9] sd 1:0:0:0: [sdb] Assuming drive cache: write through [ 36.184716][ T742] IPv6: addrconf: prefix option has invalid lifetime [ 36.199900][ T9] sd 1:0:0:0: [sdb] Attached SCSI removable disk [ 36.221486][ T431] udevd[431]: inotify_add_watch(7, /dev/sdb, 10) failed: No such file or directory [ 36.245305][ T716] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 37.245433][ T716] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 37.263449][ T124] usb 1-1: USB disconnect, device number 3 [ 37.631769][ T697] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 37.674435][ T368] udevd[368]: inotify_add_watch(7, /dev/loop11, 10) failed: No such file or directory [ 37.820509][ T756] F2FS-fs (loop3): invalid crc value [ 37.827407][ T756] F2FS-fs (loop3): Found nat_bits in checkpoint [ 37.854265][ T781] EXT4-fs (loop0): mounted filesystem without journal. Opts: quota,barrier=0x0000000000001000,grpjquota=,norecovery,dioread_lock,,errors=continue [ 37.868832][ T756] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 37.882628][ T781] ext4 filesystem being mounted at /root/syzkaller-testdir1040262625/syzkaller.G83q09/19/file1 supports timestamps until 2038 (0x7fffffff) [ 37.901951][ T697] usb 5-1: Using ep0 maxpacket: 8 [ 37.971025][ T23] kauditd_printk_skb: 2 callbacks suppressed [ 37.971034][ T23] audit: type=1400 audit(1718244643.510:157): avc: denied { mounton } for pid=780 comm="syz-executor.0" path="/root/syzkaller-testdir1040262625/syzkaller.G83q09/19/file1/file0" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 38.005737][ T781] EXT4-fs (loop0): re-mounted. Opts: (null) [ 38.041841][ T697] usb 5-1: config 135 has an invalid interface number: 230 but max is 0 [ 38.050236][ T697] usb 5-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config [ 38.061342][ T697] usb 5-1: config 135 has no interface number 0 [ 38.067661][ T697] usb 5-1: config 135 interface 230 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 38.232583][ T697] usb 5-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a [ 38.246234][ T697] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 38.257212][ T697] usb 5-1: Product: syz [ 38.261542][ T697] usb 5-1: Manufacturer: syz [ 38.266237][ T697] usb 5-1: SerialNumber: syz [ 38.320618][ T376] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 38.822148][ T543] usb 5-1: USB disconnect, device number 4 [ 38.831981][ T23] audit: type=1400 audit(1718244644.370:158): avc: denied { append } for pid=144 comm="syslogd" name="messages" dev="tmpfs" ino=353 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 38.855684][ T23] audit: type=1400 audit(1718244644.380:159): avc: denied { open } for pid=144 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=353 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 38.879293][ T23] audit: type=1400 audit(1718244644.380:160): avc: denied { getattr } for pid=144 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=353 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 38.915990][ T124] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 39.081808][ T376] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 39.100863][ T376] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 39.111708][ T376] usb 1-1: config 1 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 39.168927][ T376] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 39.182131][ T124] usb 2-1: Using ep0 maxpacket: 16 [ 39.251818][ T376] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 39.260824][ T376] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 39.268749][ T376] usb 1-1: SerialNumber: syz [ 39.331830][ T124] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 39.356055][ T124] usb 2-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 39.366558][ T124] usb 2-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 39.400459][ T124] usb 2-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 39.616614][ T376] usb 1-1: 0:2 : does not exist [ 39.622071][ T376] usb 1-1: unit 5 not found! [ 39.638989][ T124] usb 2-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 39.641041][ T376] usb 1-1: USB disconnect, device number 4 [ 39.648863][ T124] usb 2-1: config 1 interface 0 has no altsetting 0 [ 39.660811][ T124] usb 2-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 39.669851][ T124] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 39.721721][ T18] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 39.722292][ T124] ums-sddr09 2-1:1.0: USB Mass Storage device detected [ 39.942683][ T124] scsi host1: usb-storage 2-1:1.0 [ 39.971715][ T18] usb 3-1: Using ep0 maxpacket: 16 [ 40.028394][ T823] F2FS-fs (loop4): invalid crc value [ 40.043092][ T823] F2FS-fs (loop4): Found nat_bits in checkpoint [ 40.086378][ T823] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 40.346801][ T368] udevd[368]: inotify_add_watch(7, /dev/loop11, 10) failed: No such file or directory [ 40.361801][ T18] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 40.371823][ T18] usb 3-1: config 0 has no interfaces? [ 40.377090][ T18] usb 3-1: New USB device found, idVendor=1e7d, idProduct=31ce, bcdDevice= 0.00 [ 40.385957][ T18] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 40.394930][ T18] usb 3-1: config 0 descriptor?? [ 40.656313][ T818] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 40.899513][ T23] audit: type=1400 audit(1718244646.440:161): avc: denied { create } for pid=854 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 40.936451][ T23] audit: type=1400 audit(1718244646.460:162): avc: denied { write } for pid=854 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 40.962962][ T124] scsi 1:0:0:0: Direct-Access Sandisk ImageMate SDDR09 0177 PQ: 0 ANSI: 0 [ 41.065105][ T818] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 41.151986][ T18] usb 3-1: USB disconnect, device number 3 [ 41.301113][ T543] usb 2-1: USB disconnect, device number 2 [ 41.361807][ T826] sddr09: could not read card info [ 41.425486][ T179] sd 1:0:0:0: [sdb] 0 512-byte logical blocks: (0 B/0 B) [ 41.435564][ T179] sd 1:0:0:0: [sdb] 0-byte physical blocks [ 41.441443][ T179] sd 1:0:0:0: [sdb] Write Protect is off [ 41.447428][ T179] sd 1:0:0:0: [sdb] Asking for cache data failed [ 41.453788][ T179] sd 1:0:0:0: [sdb] Assuming drive cache: write through [ 41.489204][ T179] sd 1:0:0:0: [sdb] Attached SCSI removable disk [ 41.538035][ T368] udevd[368]: inotify_add_watch(7, /dev/sdb, 10) failed: No such file or directory [ 41.897760][ T876] syz-executor.2 (876): /proc/875/oom_adj is deprecated, please use /proc/875/oom_score_adj instead. [ 41.921601][ T857] F2FS-fs (loop4): QUOTA feature is enabled, so ignore jquota_fmt [ 41.943419][ T857] F2FS-fs (loop4): invalid crc value [ 41.977813][ T23] audit: type=1400 audit(1718244647.520:163): avc: denied { setopt } for pid=890 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 42.023781][ T857] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [ 42.048609][ T23] audit: type=1400 audit(1718244647.550:164): avc: denied { nlmsg_read } for pid=890 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 42.072589][ T23] audit: type=1400 audit(1718244647.610:165): avc: denied { write } for pid=899 comm="syz-executor.2" name="ppp" dev="devtmpfs" ino=214 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 42.097738][ T23] audit: type=1400 audit(1718244647.610:166): avc: denied { execute } for pid=899 comm="syz-executor.2" path=2F6D656D66643A2D42D54E49C56A9A707070F00884A26D202864656C6574656429 dev="tmpfs" ino=15489 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 43.444914][ T23] kauditd_printk_skb: 7 callbacks suppressed [ 43.444923][ T23] audit: type=1400 audit(1718244648.990:174): avc: denied { write } for pid=941 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 43.861719][ T5] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 43.906439][ T948] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 43.914019][ T948] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 43.929324][ T948] F2FS-fs (loop3): Found nat_bits in checkpoint [ 43.971957][ T948] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 43.978878][ T948] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 43.983716][ T923] F2FS-fs (loop0): invalid crc value [ 43.993917][ T23] audit: type=1400 audit(1718244649.540:175): avc: denied { setattr } for pid=947 comm="syz-executor.3" path="/root/syzkaller-testdir3785256697/syzkaller.b4g10H/27/bus" dev="loop3" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 44.009081][ T923] F2FS-fs (loop0): Found nat_bits in checkpoint [ 44.021636][ T23] audit: type=1400 audit(1718244649.550:176): avc: denied { create } for pid=947 comm="syz-executor.3" name="file5" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=blk_file permissive=1 [ 44.065607][ T923] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 44.111768][ T5] usb 3-1: Using ep0 maxpacket: 32 [ 44.225730][ T23] audit: type=1400 audit(1718244649.770:177): avc: denied { create } for pid=968 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 44.231796][ T5] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 44.256344][ T5] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 44.266165][ T23] audit: type=1400 audit(1718244649.820:178): avc: denied { connect } for pid=968 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 44.266569][ T5] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 44.295110][ T5] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 44.310181][ T23] audit: type=1400 audit(1718244649.850:179): avc: denied { setopt } for pid=968 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 44.342296][ T5] hub 3-1:4.0: USB hub found [ 44.416521][ T23] audit: type=1400 audit(1718244649.960:180): avc: denied { write } for pid=981 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 44.561792][ T5] hub 3-1:4.0: config failed, hub has too many ports! (err -19) [ 44.641055][ T997] EXT4-fs (loop0): mounted filesystem without journal. Opts: quota,barrier=0x0000000000001000,grpjquota=,norecovery,dioread_lock,,errors=continue [ 44.656382][ T997] ext4 filesystem being mounted at /root/syzkaller-testdir1040262625/syzkaller.G83q09/26/file1 supports timestamps until 2038 (0x7fffffff) [ 44.671255][ T23] audit: type=1400 audit(1718244650.210:181): avc: denied { bind } for pid=1007 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 44.769292][ T997] EXT4-fs (loop0): re-mounted. Opts: (null) [ 44.882095][ T543] usb 3-1: USB disconnect, device number 4 [ 44.992877][ T1017] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 45.000511][ T1017] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 45.012090][ T1017] F2FS-fs (loop1): Found nat_bits in checkpoint [ 45.051732][ T376] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 45.060709][ T1017] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 45.068094][ T1017] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 45.147203][ T1000] F2FS-fs (loop4): QUOTA feature is enabled, so ignore jquota_fmt [ 45.156425][ T1000] F2FS-fs (loop4): invalid crc value [ 45.181528][ T1000] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [ 45.238618][ T1000] fscrypt: key with description 'fscrypt:0000111122223333' has invalid payload [ 45.379538][ T23] audit: type=1400 audit(1718244650.920:182): avc: denied { ioctl } for pid=1032 comm="syz-executor.1" path="socket:[14879]" dev="sockfs" ino=14879 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 45.431811][ T376] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 45.446074][ T376] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 45.460742][ T376] usb 1-1: config 1 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 45.472054][ T376] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 45.571847][ T376] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 45.580822][ T376] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 45.588897][ T376] usb 1-1: SerialNumber: syz [ 45.601520][ T1046] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.2'. [ 45.612218][ T1046] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.2'. [ 45.892614][ T376] usb 1-1: 0:2 : does not exist [ 45.897344][ T376] usb 1-1: unit 5 not found! [ 45.907877][ T376] usb 1-1: USB disconnect, device number 5 [ 45.913945][ T23] audit: type=1400 audit(1718244651.460:183): avc: denied { create } for pid=1063 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 46.102448][ T1078] EXT4-fs (loop4): Unsupported blocksize for fs encryption [ 46.233769][ T1075] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 46.284130][ T1056] F2FS-fs (loop2): QUOTA feature is enabled, so ignore jquota_fmt [ 46.294221][ T1056] F2FS-fs (loop2): invalid crc value [ 46.322680][ T1056] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [ 46.396546][ T1075] kvm: emulating exchange as write [ 46.406836][ T1056] fscrypt: key with description 'fscrypt:0000111122223333' has invalid payload [ 46.523778][ T1100] EXT4-fs (loop1): mounted filesystem without journal. Opts: noauto_da_alloc,barrier=0x0000000000001000,grpjquota=,norecovery,noauto_da_alloc,,errors=continue [ 46.539762][ T1100] ext4 filesystem being mounted at /root/syzkaller-testdir1689151218/syzkaller.auPXBy/52/file1 supports timestamps until 2038 (0x7fffffff) [ 46.561901][ T376] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 46.620441][ T1100] EXT4-fs error (device loop1): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 46.748034][ T1112] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.3'. [ 47.121110][ T1124] EXT4-fs (loop3): mounted filesystem without journal. Opts: quota,barrier=0x0000000000001000,grpjquota=,norecovery,dioread_lock,,errors=continue [ 47.136542][ T1124] ext4 filesystem being mounted at /root/syzkaller-testdir3785256697/syzkaller.b4g10H/40/file1 supports timestamps until 2038 (0x7fffffff) [ 47.210485][ T376] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 47.223037][ T376] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 47.232877][ T376] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 47.245816][ T376] usb 5-1: New USB device found, idVendor=04d9, idProduct=a070, bcdDevice= 0.00 [ 47.254865][ T376] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 47.265271][ T1124] EXT4-fs (loop3): re-mounted. Opts: (null) [ 47.271210][ T376] usb 5-1: config 0 descriptor?? [ 47.541734][ T74] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 47.793064][ T376] holtek_mouse 0003:04D9:A070.0001: unbalanced collection at end of report description [ 47.803138][ T376] holtek_mouse 0003:04D9:A070.0001: hid parse failed: -22 [ 47.810151][ T376] holtek_mouse: probe of 0003:04D9:A070.0001 failed with error -22 [ 47.901798][ T74] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 47.912382][ T74] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 47.921119][ T74] usb 4-1: config 1 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 47.932088][ T74] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 48.021874][ T74] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 48.030763][ T74] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 48.038511][ T1139] F2FS-fs (loop0): QUOTA feature is enabled, so ignore jquota_fmt [ 48.040203][ T1139] F2FS-fs (loop0): invalid crc value [ 48.047341][ T74] usb 4-1: SerialNumber: syz [ 48.085691][ T1139] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [ 48.106639][ T1139] fscrypt: key with description 'fscrypt:0000111122223333' has invalid payload [ 48.556967][ T74] usb 4-1: 0:2 : does not exist [ 48.561823][ T74] usb 4-1: unit 5 not found! [ 48.568454][ T74] usb 4-1: USB disconnect, device number 4 [ 48.861843][ T23] kauditd_printk_skb: 14 callbacks suppressed [ 48.861872][ T23] audit: type=1400 audit(1718244654.390:198): avc: denied { mount } for pid=1170 comm="syz-executor.0" name="/" dev="loop0" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 49.037050][ T74] usb 5-1: USB disconnect, device number 5 [ 49.045102][ T370] fscrypt: AES-256-CTS-CBC using implementation "cts(cbc-aes-aesni)" [ 49.053084][ T23] audit: type=1400 audit(1718244654.590:199): avc: denied { unmount } for pid=372 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 49.149610][ T23] audit: type=1400 audit(1718244654.690:200): avc: denied { read } for pid=1175 comm="syz-executor.3" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 49.291152][ T23] audit: type=1400 audit(1718244654.830:201): avc: denied { create } for pid=1191 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 49.403502][ T23] audit: type=1400 audit(1718244654.950:202): avc: denied { create } for pid=1196 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 49.469806][ T23] audit: type=1326 audit(1718244655.010:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1206 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f48d811eea9 code=0x0 [ 49.493822][ T23] audit: type=1400 audit(1718244655.040:204): avc: denied { write } for pid=1196 comm="syz-executor.4" path="socket:[16102]" dev="sockfs" ino=16102 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 49.893800][ T1216] EXT4-fs (loop3): Unsupported blocksize for fs encryption [ 50.151724][ T18] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 50.291760][ T124] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 50.304126][ T1234] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 50.436624][ T18] usb 5-1: Using ep0 maxpacket: 8 [ 51.169909][ T23] audit: type=1326 audit(1718244656.710:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1249 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7faedddc6ea9 code=0x0 [ 51.211874][ T18] usb 5-1: config 135 has an invalid interface number: 230 but max is 0 [ 51.220162][ T18] usb 5-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config [ 51.230608][ T18] usb 5-1: config 135 has no interface number 0 [ 51.296713][ T18] usb 5-1: config 135 interface 230 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 51.319540][ T23] audit: type=1400 audit(1718244656.860:206): avc: denied { create } for pid=1255 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 51.351848][ T124] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 51.366255][ T124] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 51.375965][ T124] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 51.388737][ T124] usb 4-1: New USB device found, idVendor=04d9, idProduct=a070, bcdDevice= 0.00 [ 51.397586][ T124] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 51.406457][ T124] usb 4-1: config 0 descriptor?? [ 51.415461][ T1257] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 51.424463][ T1257] ext4 filesystem being mounted at /root/syzkaller-testdir1017708678/syzkaller.dygcgt/66/bus supports timestamps until 2038 (0x7fffffff) [ 51.454545][ T23] audit: type=1400 audit(1718244657.000:207): avc: denied { read write } for pid=1255 comm="syz-executor.2" name="vga_arbiter" dev="devtmpfs" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 51.549529][ T18] usb 5-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a [ 51.903789][ T18] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 51.912313][ T18] usb 5-1: Product: syz [ 51.916916][ T18] usb 5-1: Manufacturer: syz [ 51.921443][ T18] usb 5-1: SerialNumber: syz [ 51.954106][ T1274] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 52.175346][ T697] usb 5-1: USB disconnect, device number 6 [ 52.177535][ T1269] syz-executor.2 (1269) used greatest stack depth: 20248 bytes left [ 52.192467][ T124] holtek_mouse 0003:04D9:A070.0002: unbalanced collection at end of report description [ 52.202991][ T124] holtek_mouse 0003:04D9:A070.0002: hid parse failed: -22 [ 52.210385][ T124] holtek_mouse: probe of 0003:04D9:A070.0002 failed with error -22 [ 52.391456][ T1293] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.398613][ T1293] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.406554][ T1293] device bridge_slave_0 entered promiscuous mode [ 52.414049][ T1298] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 52.430541][ T1293] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.437668][ T1293] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.445040][ T1293] device bridge_slave_1 entered promiscuous mode [ 52.489276][ T1293] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.494310][ T1285] F2FS-fs (loop2): invalid crc value [ 52.496132][ T1293] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.504925][ T1285] F2FS-fs (loop2): Found nat_bits in checkpoint [ 52.508384][ T1293] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.521192][ T1293] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.548314][ T1285] F2FS-fs (loop2): Cannot turn on quotas: -2 on 1 [ 52.554279][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.561944][ T1285] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 52.569498][ T18] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.576919][ T18] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.584377][ T373] attempt to access beyond end of device [ 52.584377][ T373] loop2: rw=2049, want=45104, limit=40427 [ 52.612190][ T697] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.620297][ T697] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.627145][ T697] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.634665][ T697] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.642689][ T697] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.649514][ T697] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.664864][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.682778][ T697] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 52.690977][ T697] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.704696][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 52.720698][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 52.738587][ T1306] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 52.750272][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 52.762349][ T697] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 52.910829][ T9] device bridge_slave_1 left promiscuous mode [ 52.917078][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.924342][ T9] device bridge_slave_0 left promiscuous mode [ 52.930315][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.113669][ T1321] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 53.122912][ T1321] ext4 filesystem being mounted at /root/syzkaller-testdir1017708678/syzkaller.dygcgt/70/bus supports timestamps until 2038 (0x7fffffff) [ 53.296943][ T1326] erspan0: refused to change device tx_queue_len [ 53.373635][ T1334] EXT4-fs (loop4): mounted filesystem without journal. Opts: commit=0x0000000000000005,,errors=continue [ 53.388716][ T1334] EXT4-fs error (device loop4): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 53.416772][ T18] usb 4-1: USB disconnect, device number 5 [ 53.448816][ T1340] tipc: Started in network mode [ 53.453738][ T1340] tipc: Own node identity , cluster identity 4711 [ 53.461700][ T1340] tipc: Failed to set node id, please configure manually [ 53.468873][ T1340] tipc: Enabling of bearer rejected, failed to enable media [ 53.494923][ T1344] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 53.633329][ T1366] EXT4-fs (loop3): Unsupported blocksize for fs encryption [ 53.637159][ T1371] tipc: Started in network mode [ 53.655204][ T1371] tipc: Own node identity , cluster identity 4711 [ 53.661573][ T1371] tipc: Failed to set node id, please configure manually [ 53.668551][ T1371] tipc: Enabling of bearer rejected, failed to enable media [ 53.871766][ T1385] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 53.880600][ T1385] ext4 filesystem being mounted at /root/syzkaller-testdir1017708678/syzkaller.dygcgt/72/file0 supports timestamps until 2038 (0x7fffffff) [ 53.897584][ T1398] tipc: Started in network mode [ 53.897936][ T1385] EXT4-fs error (device loop2) in ext4_do_update_inode:5534: error 27 [ 53.902655][ T1398] tipc: Own node identity , cluster identity 4711 [ 53.910535][ T1385] EXT4-fs error (device loop2) in ext4_do_update_inode:5534: error 27 [ 53.917057][ T1398] tipc: Failed to set node id, please configure manually [ 53.932306][ T1398] tipc: Enabling of bearer rejected, failed to enable media [ 53.990383][ T23] kauditd_printk_skb: 14 callbacks suppressed [ 53.990392][ T23] audit: type=1400 audit(1718244659.530:222): avc: denied { create } for pid=1403 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 54.111773][ T1348] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 54.713571][ T1412] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 54.722503][ T1412] ext4 filesystem being mounted at /root/syzkaller-testdir1017708678/syzkaller.dygcgt/73/bus supports timestamps until 2038 (0x7fffffff) [ 54.939517][ T1437] tipc: Started in network mode [ 54.944395][ T1437] tipc: Own node identity , cluster identity 4711 [ 54.946897][ T1434] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 54.950598][ T1437] tipc: Failed to set node id, please configure manually [ 54.959950][ T1434] ext4 filesystem being mounted at /root/syzkaller-testdir2137514394/syzkaller.AYG31X/76/file0 supports timestamps until 2038 (0x7fffffff) [ 54.966341][ T1437] tipc: Enabling of bearer rejected, failed to enable media [ 54.994140][ T1434] EXT4-fs error (device loop4) in ext4_do_update_inode:5534: error 27 [ 55.003233][ T1434] EXT4-fs error (device loop4) in ext4_do_update_inode:5534: error 27 [ 55.061867][ T1348] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 55.072612][ T1348] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 55.082150][ T1348] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 55.095880][ T1348] usb 4-1: New USB device found, idVendor=04d9, idProduct=a070, bcdDevice= 0.00 [ 55.106744][ T1348] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 55.179943][ T1348] usb 4-1: config 0 descriptor?? [ 55.489482][ T23] audit: type=1400 audit(1718244661.030:223): avc: denied { create } for pid=1456 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 55.519301][ T23] audit: type=1400 audit(1718244661.030:224): avc: denied { setopt } for pid=1456 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 55.609044][ T1467] tipc: Started in network mode [ 55.615194][ T1467] tipc: Own node identity , cluster identity 4711 [ 55.621496][ T1467] tipc: Failed to set node id, please configure manually [ 55.628481][ T1467] tipc: Enabling of bearer rejected, failed to enable media [ 55.667820][ T1472] [ 55.669952][ T1472] ********************************************************** [ 55.678004][ T1472] ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE ** [ 55.686368][ T1472] ** ** [ 55.693982][ T1472] ** trace_printk() being used. Allocating extra memory. ** [ 55.721747][ T1472] ** ** [ 55.775837][ T1472] ** This means that this is a DEBUG kernel and it is ** [ 55.848462][ T1472] ** unsafe for production use. ** [ 55.874118][ T1472] ** ** [ 55.883277][ T1472] ** If you see this message and you are not debugging ** [ 55.890510][ T1472] ** the kernel, report this immediately to your vendor! ** [ 55.901319][ T1472] ** ** [ 55.905125][ T1348] holtek_mouse 0003:04D9:A070.0003: unbalanced collection at end of report description [ 55.908894][ T1472] ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE ** [ 55.925610][ T1472] ********************************************************** [ 55.961287][ T1348] holtek_mouse 0003:04D9:A070.0003: hid parse failed: -22 [ 55.968520][ T1348] holtek_mouse: probe of 0003:04D9:A070.0003 failed with error -22 [ 56.027719][ T1498] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 56.105167][ T1499] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 56.114499][ T1499] ext4 filesystem being mounted at /root/syzkaller-testdir2137514394/syzkaller.AYG31X/78/bus supports timestamps until 2038 (0x7fffffff) [ 56.493509][ T1348] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 56.885792][ T1348] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 56.896780][ T1348] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 56.908115][ T1348] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 56.921121][ T1348] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 56.930028][ T1348] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 56.938452][ T1348] usb 3-1: config 0 descriptor?? [ 56.992347][ T1503] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 57.066051][ T1521] capability: warning: `syz-executor.1' uses deprecated v2 capabilities in a way that may be insecure [ 57.208053][ T623] usb 4-1: USB disconnect, device number 6 [ 57.299270][ T23] audit: type=1400 audit(1718244662.840:225): avc: denied { create } for pid=1534 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 57.326007][ T23] audit: type=1400 audit(1718244662.870:226): avc: denied { connect } for pid=1534 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 57.384341][ T1533] F2FS-fs (loop1): invalid crc value [ 57.391414][ T1533] F2FS-fs (loop1): Found nat_bits in checkpoint [ 57.433484][ T1533] F2FS-fs (loop1): Cannot turn on quotas: -2 on 1 [ 57.440118][ T1533] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 57.448498][ T1348] plantronics 0003:047F:FFFF.0004: unknown main item tag 0xd [ 57.456856][ T1348] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving [ 57.465760][ T1348] plantronics 0003:047F:FFFF.0004: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 57.493996][ T1293] attempt to access beyond end of device [ 57.493996][ T1293] loop1: rw=2049, want=45104, limit=40427 [ 57.498765][ T1544] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 57.540964][ T23] audit: type=1400 audit(1718244663.080:227): avc: denied { map } for pid=1538 comm="syz-executor.3" path="/root/syzkaller-testdir3785256697/syzkaller.b4g10H/53/file1/bus" dev="loop3" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 57.567795][ T23] audit: type=1400 audit(1718244663.080:228): avc: denied { execute } for pid=1538 comm="syz-executor.3" path="/root/syzkaller-testdir3785256697/syzkaller.b4g10H/53/file1/bus" dev="loop3" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 57.732144][ T1348] usb 3-1: USB disconnect, device number 5 [ 58.103092][ T1553] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 58.115641][ T1553] ext4 filesystem being mounted at /root/syzkaller-testdir248689926/syzkaller.qRj9bC/28/bus supports timestamps until 2038 (0x7fffffff) [ 58.129868][ T23] audit: type=1400 audit(1718244663.680:229): avc: denied { read } for pid=1559 comm="syz-executor.4" name="msr" dev="devtmpfs" ino=9175 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 58.222983][ T23] audit: type=1400 audit(1718244663.680:230): avc: denied { open } for pid=1559 comm="syz-executor.4" path="/dev/cpu/0/msr" dev="devtmpfs" ino=9175 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 58.383438][ T1570] EXT4-fs (loop4): Unsupported blocksize for fs encryption [ 58.564156][ T1579] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 58.573042][ T1579] ext4 filesystem being mounted at /root/syzkaller-testdir3785256697/syzkaller.b4g10H/55/file0 supports timestamps until 2038 (0x7fffffff) [ 58.629508][ T1582] EXT4-fs (loop2): Ignoring removed orlov option [ 58.633475][ T1579] EXT4-fs error (device loop3) in ext4_do_update_inode:5534: error 27 [ 58.636118][ T1582] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option [ 58.644179][ T1579] EXT4-fs error (device loop3) in ext4_do_update_inode:5534: error 27 [ 58.669856][ T1582] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue [ 58.729115][ T23] audit: type=1400 audit(1718244664.270:231): avc: denied { mounton } for pid=1581 comm="syz-executor.2" path="/root/syzkaller-testdir1017708678/syzkaller.dygcgt/80/file1/bus" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 58.761868][ T623] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 58.993443][ T1607] overlayfs: failed to resolve './file0': -2 [ 59.003718][ T1607] overlayfs: failed to resolve './file0': -2 [ 59.057874][ T23] kauditd_printk_skb: 4 callbacks suppressed [ 59.057883][ T23] audit: type=1400 audit(1718244664.600:236): avc: denied { write } for pid=1618 comm="syz-executor.2" name="uinput" dev="devtmpfs" ino=9890 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 59.059033][ T1620] input: syz1 as /devices/virtual/input/input5 [ 59.093957][ T23] audit: type=1400 audit(1718244664.640:237): avc: denied { read } for pid=147 comm="acpid" name="event3" dev="devtmpfs" ino=18071 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 59.096909][ T1620] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 59.130084][ T23] audit: type=1400 audit(1718244664.640:238): avc: denied { open } for pid=147 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=18071 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 59.153755][ T23] audit: type=1400 audit(1718244664.640:239): avc: denied { ioctl } for pid=147 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=18071 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 59.178733][ T623] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 59.191104][ T1613] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 59.192195][ T623] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 59.206434][ T1613] ext4 filesystem being mounted at /root/syzkaller-testdir1040262625/syzkaller.G83q09/55/bus supports timestamps until 2038 (0x7fffffff) [ 59.210403][ T623] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 59.225516][ T23] audit: type=1400 audit(1718244664.640:240): avc: denied { mounton } for pid=1618 comm="syz-executor.2" path="/root/syzkaller-testdir1017708678/syzkaller.dygcgt/84/file0" dev="tmpfs" ino=18072 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 59.237324][ T623] usb 5-1: New USB device found, idVendor=04d9, idProduct=a070, bcdDevice= 0.00 [ 59.271936][ T23] audit: type=1400 audit(1718244664.740:241): avc: denied { mount } for pid=1612 comm="syz-executor.0" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 59.271958][ T623] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 59.294014][ T23] audit: type=1400 audit(1718244664.790:242): avc: denied { read } for pid=1618 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 59.302813][ T623] usb 5-1: config 0 descriptor?? [ 59.410410][ T1637] 9pnet: Insufficient options for proto=fd [ 59.459816][ T1643] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 59.852545][ T623] holtek_mouse 0003:04D9:A070.0005: unbalanced collection at end of report description [ 59.862737][ T623] holtek_mouse 0003:04D9:A070.0005: hid parse failed: -22 [ 59.869697][ T623] holtek_mouse: probe of 0003:04D9:A070.0005 failed with error -22 [ 59.897357][ T23] audit: type=1400 audit(1718244665.440:243): avc: denied { unmount } for pid=372 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 59.949551][ T23] audit: type=1400 audit(1718244665.490:244): avc: denied { connect } for pid=1652 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 60.111594][ T1659] input: syz1 as /devices/virtual/input/input6 [ 60.143704][ T1657] F2FS-fs (loop1): invalid crc value [ 60.150244][ T1657] F2FS-fs (loop1): Found nat_bits in checkpoint [ 60.182751][ T1657] F2FS-fs (loop1): Cannot turn on quotas: -2 on 1 [ 60.189482][ T1657] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 60.222045][ T1293] attempt to access beyond end of device [ 60.222045][ T1293] loop1: rw=2049, want=45104, limit=40427 [ 60.482049][ T1675] 9pnet: Insufficient options for proto=fd [ 60.613497][ T23] audit: type=1400 audit(1718244666.160:245): avc: denied { mount } for pid=1681 comm="syz-executor.3" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 60.638758][ T1684] EXT4-fs error (device loop1): ext4_get_branch:178: inode #13: block 1024: comm syz-executor.1: invalid block [ 60.650683][ T1684] EXT4-fs (loop1): Remounting filesystem read-only [ 60.657072][ T1684] EXT4-fs error (device loop1): ext4_free_branches:1022: inode #13: comm syz-executor.1: invalid indirect mapped block 1024 (level 0) [ 60.671455][ T1684] EXT4-fs error (device loop1): ext4_validate_block_bitmap:418: comm syz-executor.1: bg 0: block 35: padding at end of block bitmap is not set [ 60.686014][ T1684] EXT4-fs error (device loop1) in ext4_free_blocks:5019: Corrupt filesystem [ 60.694715][ T1684] EXT4-fs (loop1): 1 truncate cleaned up [ 60.700248][ T1684] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,dioread_lock,bsddf, [ 61.072700][ T1702] input: syz1 as /devices/virtual/input/input7 [ 61.182639][ T1705] EXT4-fs (loop0): Ignoring removed orlov option [ 61.188919][ T1705] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 61.203985][ T1705] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue [ 61.242261][ T372] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 16: comm syz-executor.0: path /root/syzkaller-testdir1040262625/syzkaller.G83q09/63/file1: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=33261, rec_len=1050, size=1024 fake=0 [ 61.369411][ T697] usb 5-1: USB disconnect, device number 7 [ 61.408118][ T1710] EXT4-fs (loop3): mounted filesystem without journal. Opts: commit=0x0000000000000005,,errors=continue [ 61.426845][ T1710] EXT4-fs error (device loop3): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 61.472100][ T1717] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.478976][ T1717] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.487490][ T1717] device bridge_slave_0 entered promiscuous mode [ 61.495768][ T1717] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.502659][ T1717] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.509815][ T1717] device bridge_slave_1 entered promiscuous mode [ 61.558494][ T1717] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.565363][ T1717] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.572484][ T1717] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.579214][ T1717] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.588954][ T376] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.596524][ T376] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.691851][ T392] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 61.699292][ T392] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 61.709722][ T697] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 61.717957][ T697] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 61.726248][ T697] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.733105][ T697] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.941052][ T392] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 61.949732][ T392] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 61.957895][ T392] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.964762][ T392] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.980730][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 61.988749][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 62.012170][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 62.020041][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 62.029142][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 62.037395][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 62.045690][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 62.053424][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 62.065959][ T697] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 62.073943][ T697] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 62.089609][ T392] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 62.098131][ T392] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 62.106879][ T392] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 62.115021][ T392] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 62.163141][ T1752] EXT4-fs (loop0): Unsupported blocksize for fs encryption [ 62.182341][ T443] device bridge_slave_1 left promiscuous mode [ 62.188331][ T443] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.195677][ T443] device bridge_slave_0 left promiscuous mode [ 62.201727][ T443] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.493133][ T1759] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 62.525842][ T1770] overlayfs: failed to resolve './file0': -2 [ 62.538885][ T1770] overlayfs: failed to resolve './file0': -2 [ 62.551731][ T623] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 62.565929][ T1774] syz-executor.3[1774] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 62.565979][ T1774] syz-executor.3[1774] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 62.589507][ T1774] device wg2 entered promiscuous mode [ 62.754153][ T1775] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 63.131906][ T623] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 63.142702][ T623] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 63.152253][ T623] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 63.164896][ T623] usb 1-1: New USB device found, idVendor=04d9, idProduct=a070, bcdDevice= 0.00 [ 63.174048][ T623] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 63.182597][ T623] usb 1-1: config 0 descriptor?? [ 63.186964][ T1794] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 63.331724][ T697] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 63.814669][ T623] holtek_mouse 0003:04D9:A070.0006: unbalanced collection at end of report description [ 63.824542][ T623] holtek_mouse 0003:04D9:A070.0006: hid parse failed: -22 [ 63.831582][ T623] holtek_mouse: probe of 0003:04D9:A070.0006 failed with error -22 [ 63.861831][ T697] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 63.872845][ T697] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 63.883727][ T697] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 63.896410][ T697] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 63.905256][ T697] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 63.914303][ T697] usb 3-1: config 0 descriptor?? [ 63.928241][ T1810] overlayfs: failed to resolve './file0': -2 [ 63.934419][ T1789] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 63.943387][ T1810] overlayfs: failed to resolve './file0': -2 [ 63.959078][ T1812] syz-executor.1[1812] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 63.959117][ T1812] syz-executor.1[1812] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 63.978313][ T1812] device wg2 entered promiscuous mode [ 64.393029][ T697] plantronics 0003:047F:FFFF.0007: unknown main item tag 0xd [ 64.402035][ T697] plantronics 0003:047F:FFFF.0007: No inputs registered, leaving [ 64.412583][ T697] plantronics 0003:047F:FFFF.0007: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 64.543250][ T1821] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 64.672300][ T697] usb 3-1: USB disconnect, device number 6 [ 64.693444][ T1826] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 64.702351][ T1826] ext4 filesystem being mounted at /root/syzkaller-testdir3785256697/syzkaller.b4g10H/85/file0 supports timestamps until 2038 (0x7fffffff) [ 64.719778][ T1826] EXT4-fs error (device loop3) in ext4_do_update_inode:5534: error 27 [ 64.728090][ T1826] EXT4-fs error (device loop3) in ext4_do_update_inode:5534: error 27 [ 65.143048][ T1834] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 65.150689][ T1834] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 65.153440][ T623] usb 1-1: USB disconnect, device number 6 [ 65.160630][ T1834] F2FS-fs (loop1): invalid crc value [ 65.171341][ T1834] F2FS-fs (loop1): Found nat_bits in checkpoint [ 65.210157][ T1834] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 65.217413][ T1834] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 65.228200][ T23] kauditd_printk_skb: 8 callbacks suppressed [ 65.228209][ T23] audit: type=1400 audit(1718244670.780:254): avc: denied { mounton } for pid=1833 comm="syz-executor.1" path="/root/syzkaller-testdir248689926/syzkaller.qRj9bC/50/bus/file0" dev="loop1" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 65.261321][ T23] audit: type=1400 audit(1718244670.780:255): avc: denied { setattr } for pid=1833 comm="syz-executor.1" name="work" dev="loop1" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 65.497074][ T1855] input: syz1 as /devices/virtual/input/input9 [ 65.609892][ T23] audit: type=1400 audit(1718244671.150:256): avc: denied { setattr } for pid=1861 comm="syz-executor.1" name="file0" dev="incremental-fs" ino=1966 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 65.683538][ T1865] binder: 1864:1865 ioctl c00c620f 0 returned -14 [ 66.293457][ T1875] EXT4-fs (loop3): Unsupported blocksize for fs encryption [ 66.568103][ T121] cfg80211: failed to load regulatory.db [ 66.573660][ T124] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 66.583406][ T1886] F2FS-fs (loop4): Found nat_bits in checkpoint [ 66.610519][ T1886] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 66.819360][ T1853] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 66.842181][ T370] F2FS-fs (loop4): Inconsistent error blkaddr:5633, sit bitmap:0 [ 66.850249][ T370] CPU: 1 PID: 370 Comm: syz-executor.4 Not tainted 5.4.274-syzkaller-00002-g6f97bd951d82 #0 [ 66.860188][ T370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 66.870079][ T370] Call Trace: [ 66.873224][ T370] dump_stack+0x1d8/0x241 [ 66.877375][ T370] ? nf_ct_l4proto_log_invalid+0x258/0x258 [ 66.883018][ T370] ? f2fs_lookup_extent_cache+0x16b/0xc30 [ 66.888572][ T370] f2fs_is_valid_blkaddr+0xc2d/0x1380 [ 66.893780][ T370] f2fs_map_blocks+0xbe7/0x2a30 [ 66.898467][ T370] ? f2fs_force_buffered_io+0x4e0/0x4e0 [ 66.903845][ T370] ? preempt_count_add+0x8f/0x180 [ 66.908704][ T370] ? prep_new_page+0x115/0x370 [ 66.913306][ T370] f2fs_mpage_readpages+0x1206/0x2730 [ 66.918607][ T370] ? f2fs_update_iostat+0x240/0x240 [ 66.923635][ T370] ? preempt_schedule_irq+0xe7/0x140 [ 66.928756][ T370] ? should_fail+0x1ad/0x880 [ 66.933183][ T370] ? f2fs_is_compress_backend_ready+0x9d/0x130 [ 66.939167][ T370] ? f2fs_read_data_pages+0xc3/0x2a0 [ 66.944290][ T370] ? f2fs_set_data_page_dirty+0x740/0x740 [ 66.949844][ T370] read_pages+0x119/0x400 [ 66.954012][ T370] ? __do_page_cache_readahead+0x4f0/0x4f0 [ 66.959659][ T370] ? avc_has_perm_noaudit+0x3d0/0x3d0 [ 66.964860][ T370] ? filename_lookup+0x50e/0x6e0 [ 66.969640][ T370] __do_page_cache_readahead+0x448/0x4f0 [ 66.975103][ T370] ? read_cache_pages_invalidate_pages+0x1b0/0x1b0 [ 66.981524][ T370] f2fs_readdir+0x417/0xaf0 [ 66.985867][ T370] ? f2fs_fill_dentries+0xe10/0xe10 [ 66.990995][ T370] ? down_read_killable+0x101/0x220 [ 66.996025][ T370] ? __fsnotify_parent+0x310/0x310 [ 67.000973][ T370] ? security_file_permission+0x1dc/0x2f0 [ 67.006533][ T370] iterate_dir+0x266/0x4e0 [ 67.010784][ T370] ? f2fs_fill_dentries+0xe10/0xe10 [ 67.015829][ T370] ksys_getdents64+0x21b/0x4c0 [ 67.020439][ T370] ? __ia32_sys_getdents+0x80/0x80 [ 67.025362][ T370] ? ksys_getdents64+0x4c0/0x4c0 [ 67.030137][ T370] ? __do_page_fault+0x725/0xbb0 [ 67.034909][ T370] __x64_sys_getdents64+0x76/0x80 [ 67.039768][ T370] do_syscall_64+0xca/0x1c0 [ 67.044117][ T370] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 67.049878][ T370] RIP: 0033:0x7fba6dea03a3 [ 67.054090][ T370] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 52 8b fa ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 b0 ff ff ff f7 d8 [ 67.073532][ T370] RSP: 002b:00007fff8c1bc8b8 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9 [ 67.081775][ T370] RAX: ffffffffffffffda RBX: 0000555556b6c850 RCX: 00007fba6dea03a3 [ 67.089583][ T370] RDX: 0000000000008000 RSI: 0000555556b6c850 RDI: 0000000000000005 [ 67.097394][ T370] RBP: 0000555556b6c824 R08: 0000000000000000 R09: 0000000000000000 [ 67.105203][ T370] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffb0 [ 67.113019][ T370] R13: 0000000000000010 R14: 0000555556b6c820 R15: 0000000000000001 [ 67.122012][ T370] F2FS-fs (loop4): Inconsistent error blkaddr:5633, sit bitmap:0 [ 67.129540][ T370] CPU: 1 PID: 370 Comm: syz-executor.4 Not tainted 5.4.274-syzkaller-00002-g6f97bd951d82 #0 [ 67.139429][ T370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 67.149406][ T370] Call Trace: [ 67.152562][ T370] dump_stack+0x1d8/0x241 [ 67.156703][ T370] ? nf_ct_l4proto_log_invalid+0x258/0x258 [ 67.162344][ T370] ? f2fs_lookup_extent_cache+0x16b/0xc30 [ 67.167985][ T370] f2fs_is_valid_blkaddr+0xc2d/0x1380 [ 67.173197][ T370] f2fs_get_read_data_page+0x4d1/0x8c0 [ 67.178488][ T370] ? page_cache_prev_miss+0x410/0x410 [ 67.183902][ T370] ? f2fs_get_block+0x1b0/0x1b0 [ 67.188604][ T370] ? pagecache_get_page+0x5a7/0x750 [ 67.193603][ T370] f2fs_find_data_page+0x182/0x3f0 [ 67.198551][ T370] f2fs_readdir+0x424/0xaf0 [ 67.202890][ T370] ? f2fs_fill_dentries+0xe10/0xe10 [ 67.207932][ T370] ? down_read_killable+0x101/0x220 [ 67.213074][ T370] ? __fsnotify_parent+0x310/0x310 [ 67.218027][ T370] ? security_file_permission+0x1dc/0x2f0 [ 67.223574][ T370] iterate_dir+0x266/0x4e0 [ 67.227813][ T370] ? f2fs_fill_dentries+0xe10/0xe10 [ 67.232845][ T370] ksys_getdents64+0x21b/0x4c0 [ 67.237446][ T370] ? __ia32_sys_getdents+0x80/0x80 [ 67.242393][ T370] ? ksys_getdents64+0x4c0/0x4c0 [ 67.247168][ T370] ? __do_page_fault+0x725/0xbb0 [ 67.251940][ T370] __x64_sys_getdents64+0x76/0x80 [ 67.256801][ T370] do_syscall_64+0xca/0x1c0 [ 67.261140][ T370] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 67.266871][ T370] RIP: 0033:0x7fba6dea03a3 [ 67.271116][ T370] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 52 8b fa ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 b0 ff ff ff f7 d8 [ 67.290597][ T370] RSP: 002b:00007fff8c1bc8b8 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9 [ 67.298805][ T370] RAX: ffffffffffffffda RBX: 0000555556b6c850 RCX: 00007fba6dea03a3 [ 67.306626][ T370] RDX: 0000000000008000 RSI: 0000555556b6c850 RDI: 0000000000000005 [ 67.314424][ T370] RBP: 0000555556b6c824 R08: 0000000000000000 R09: 0000000000000000 [ 67.322236][ T370] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffb0 [ 67.330045][ T370] R13: 0000000000000010 R14: 0000555556b6c820 R15: 0000000000000001 [ 67.344124][ T1910] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 67.392151][ T443] attempt to access beyond end of device [ 67.392151][ T443] loop4: rw=2049, want=40992, limit=40427 [ 67.411020][ T1914] syz-executor.0[1914] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 67.411053][ T1914] syz-executor.0[1914] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 67.426483][ T1914] device wg2 entered promiscuous mode [ 67.431896][ T124] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 67.466051][ T124] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 67.477487][ T124] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 67.490267][ T124] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 67.499403][ T124] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 67.508990][ T124] usb 3-1: config 0 descriptor?? [ 67.531799][ T1879] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 67.581906][ T1853] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 67.592872][ T1853] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 67.611753][ T1853] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 67.637111][ T1853] usb 4-1: New USB device found, idVendor=04d9, idProduct=a070, bcdDevice= 0.00 [ 67.646464][ T1853] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 67.655628][ T1853] usb 4-1: config 0 descriptor?? [ 67.919676][ T370] syz-executor.4 (370) used greatest stack depth: 19384 bytes left [ 68.000696][ T1925] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.007646][ T1925] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.014952][ T1925] device bridge_slave_0 entered promiscuous mode [ 68.022909][ T1925] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.029730][ T1925] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.037088][ T1925] device bridge_slave_1 entered promiscuous mode [ 68.079429][ T1925] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.086272][ T1925] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.093403][ T1925] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.100144][ T1925] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.122561][ T124] plantronics 0003:047F:FFFF.0008: unknown main item tag 0xd [ 68.127897][ T1348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 68.131237][ T124] plantronics 0003:047F:FFFF.0008: No inputs registered, leaving [ 68.145096][ T1348] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.147572][ T124] plantronics 0003:047F:FFFF.0008: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 68.164370][ T1348] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.182939][ T1853] holtek_mouse 0003:04D9:A070.0009: unbalanced collection at end of report description [ 68.192873][ T1853] holtek_mouse 0003:04D9:A070.0009: hid parse failed: -22 [ 68.199841][ T1853] holtek_mouse: probe of 0003:04D9:A070.0009 failed with error -22 [ 68.209894][ T1853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 68.218704][ T1853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 68.226641][ T1853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 68.234986][ T1853] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 68.243253][ T1853] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.250080][ T1853] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.257554][ T1853] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 68.265679][ T1853] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.272526][ T1853] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.279689][ T1853] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 68.287646][ T1853] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 68.301262][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 68.311188][ T1348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 68.333857][ T443] device bridge_slave_1 left promiscuous mode [ 68.340676][ T443] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.349330][ T443] device bridge_slave_0 left promiscuous mode [ 68.356197][ T443] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.385670][ T23] audit: type=1400 audit(1718244673.930:257): avc: denied { mounton } for pid=1931 comm="syz-executor.4" path="/root/syzkaller-testdir2609304144/syzkaller.IfrOtu/1/bus" dev="devtmpfs" ino=148 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 68.423172][ T74] usb 3-1: USB disconnect, device number 7 [ 68.471277][ T23] audit: type=1400 audit(1718244674.010:258): avc: denied { connect } for pid=1935 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 68.491240][ T23] audit: type=1400 audit(1718244674.010:259): avc: denied { write } for pid=1935 comm="syz-executor.0" path="socket:[18904]" dev="sockfs" ino=18904 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 68.743388][ T23] audit: type=1400 audit(1718244674.290:260): avc: denied { bind } for pid=1942 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 69.376599][ T23] audit: type=1400 audit(1718244674.920:261): avc: denied { ioctl } for pid=1957 comm="syz-executor.4" path="/dev/fuse" dev="devtmpfs" ino=9177 ioctlcmd=0xe500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 69.411135][ T1964] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 69.428782][ T124] usb 4-1: USB disconnect, device number 7 [ 69.490295][ T23] audit: type=1400 audit(1718244675.030:262): avc: denied { write } for pid=1973 comm="syz-executor.2" name="cgroup.subtree_control" dev="cgroup2" ino=166 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 69.983194][ T1993] EXT4-fs (loop0): Unsupported blocksize for fs encryption [ 70.001793][ T124] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 70.117804][ T1988] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 70.118811][ T2000] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 70.125609][ T1988] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 70.150230][ T1988] F2FS-fs (loop4): invalid crc value [ 70.157489][ T1988] F2FS-fs (loop4): Found nat_bits in checkpoint [ 70.183324][ T1988] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 70.183333][ T2005] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 70.186755][ T2005] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a814e11d, mo2=0002] [ 70.190179][ T1988] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 70.215335][ T2005] System zones: 0-1, 4-36, 102-102 [ 70.220997][ T2005] EXT4-fs (loop1): mounted filesystem without journal. Opts: nombcache,debug,norecovery,grpquota,norecovery,,errors=continue [ 70.570174][ T124] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 70.586027][ T23] audit: type=1400 audit(1718244675.950:263): avc: denied { write } for pid=2004 comm="syz-executor.1" name="fib_trie" dev="proc" ino=4026532932 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 70.608867][ T13] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 70.616407][ T124] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 70.647495][ T124] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 70.660494][ T124] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 70.669708][ T124] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 70.679674][ T124] usb 4-1: config 0 descriptor?? [ 70.701837][ T1969] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 70.890917][ T23] audit: type=1400 audit(1718244676.430:264): avc: denied { write } for pid=2025 comm="syz-executor.4" name="001" dev="devtmpfs" ino=9885 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 70.945584][ T2028] EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled [ 70.963718][ T2028] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsv1,errors=remount-ro,nombcache,sysvgroups, [ 70.975627][ T2028] ext4 filesystem being mounted at /root/syzkaller-testdir2609304144/syzkaller.IfrOtu/14/file0 supports timestamps until 2038 (0x7fffffff) [ 70.990778][ T2028] EXT4-fs error (device loop4): ext4_map_blocks:617: inode #2: block 3: comm syz-executor.4: lblock 8 mapped to illegal pblock 3 (length 26) [ 71.005703][ T2028] EXT4-fs (loop4): Remounting filesystem read-only [ 71.012336][ T13] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 71.023592][ T13] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 71.033398][ T13] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 71.046198][ T13] usb 1-1: New USB device found, idVendor=04d9, idProduct=a070, bcdDevice= 0.00 [ 71.059199][ T13] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 71.068686][ T13] usb 1-1: config 0 descriptor?? [ 71.152531][ T124] plantronics 0003:047F:FFFF.000A: unknown main item tag 0xd [ 71.168542][ T124] plantronics 0003:047F:FFFF.000A: No inputs registered, leaving [ 71.188029][ T124] plantronics 0003:047F:FFFF.000A: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 71.260924][ T23] audit: type=1400 audit(1718244676.800:265): avc: denied { create } for pid=2052 comm="syz-executor.4" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=blk_file permissive=1 [ 71.282772][ T23] audit: type=1400 audit(1718244676.830:266): avc: denied { setattr } for pid=2052 comm="syz-executor.4" name="bus" dev="sda1" ino=1967 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=blk_file permissive=1 [ 71.311277][ T23] audit: type=1400 audit(1718244676.860:267): avc: denied { unlink } for pid=1925 comm="syz-executor.4" name="bus" dev="sda1" ino=1967 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=blk_file permissive=1 [ 71.426943][ T2061] EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled [ 71.432607][ T1348] usb 4-1: USB disconnect, device number 8 [ 71.453234][ T2061] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsv1,errors=remount-ro,nombcache,sysvgroups, [ 71.465147][ T2061] ext4 filesystem being mounted at /root/syzkaller-testdir2609304144/syzkaller.IfrOtu/22/file0 supports timestamps until 2038 (0x7fffffff) [ 71.484767][ T2072] input: syz1 as /devices/virtual/input/input12 [ 71.497207][ T2061] EXT4-fs error (device loop4): ext4_map_blocks:617: inode #2: block 3: comm syz-executor.4: lblock 8 mapped to illegal pblock 3 (length 26) [ 71.511626][ T2061] EXT4-fs (loop4): Remounting filesystem read-only [ 71.683551][ T13] holtek_mouse 0003:04D9:A070.000B: unbalanced collection at end of report description [ 71.693669][ T13] holtek_mouse 0003:04D9:A070.000B: hid parse failed: -22 [ 71.700633][ T13] holtek_mouse: probe of 0003:04D9:A070.000B failed with error -22 [ 71.769263][ T2099] input: syz1 as /devices/virtual/input/input13 [ 71.775889][ T2093] EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled [ 71.785734][ T2093] EXT4-fs (loop2): Unsupported blocksize for fs encryption [ 72.331696][ T1348] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 72.486748][ T2129] input: syz1 as /devices/virtual/input/input14 [ 72.571724][ T1348] usb 2-1: Using ep0 maxpacket: 8 [ 72.673410][ T2145] EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled [ 72.683200][ T2145] EXT4-fs (loop2): Unsupported blocksize for fs encryption [ 72.691915][ T1348] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 72.790058][ T2156] A link change request failed with some changes committed already. Interface wg2 may have been left with an inconsistent configuration, please check. [ 72.861790][ T1348] usb 2-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice=ac.f5 [ 72.870698][ T1348] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 72.878600][ T1348] usb 2-1: Product: syz [ 72.882737][ T1348] usb 2-1: Manufacturer: syz [ 72.887159][ T1348] usb 2-1: SerialNumber: syz [ 72.892409][ T1348] usb 2-1: config 0 descriptor?? [ 72.949113][ T23] audit: type=1400 audit(1718244678.490:268): avc: denied { name_bind } for pid=2171 comm="syz-executor.4" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 72.982820][ T1982] usb 1-1: USB disconnect, device number 7 [ 73.043606][ T2175] EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled [ 73.057190][ T23] audit: type=1400 audit(1718244678.600:269): avc: denied { create } for pid=2179 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1 [ 73.079831][ T2183] bridge: RTM_DELNEIGH with unconfigured vlan 1 on bridge0 [ 73.088654][ T2175] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsv1,errors=remount-ro,nombcache,sysvgroups, [ 73.101821][ T2175] ext4 filesystem being mounted at /root/syzkaller-testdir2609304144/syzkaller.IfrOtu/31/file0 supports timestamps until 2038 (0x7fffffff) [ 73.126387][ T2175] EXT4-fs error (device loop4): ext4_map_blocks:617: inode #2: block 3: comm syz-executor.4: lblock 8 mapped to illegal pblock 3 (length 26) [ 73.141907][ T121] usb 2-1: USB disconnect, device number 3 [ 73.163389][ T2175] EXT4-fs (loop4): Remounting filesystem read-only [ 73.481123][ T23] audit: type=1400 audit(1718244679.020:270): avc: denied { read } for pid=2211 comm="syz-executor.3" dev="nsfs" ino=4026532284 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 73.483565][ T2216] bridge: RTM_DELNEIGH with unconfigured vlan 1 on bridge0 [ 73.506667][ T23] audit: type=1400 audit(1718244679.050:271): avc: denied { open } for pid=2211 comm="syz-executor.3" path="net:[4026532284]" dev="nsfs" ino=4026532284 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 73.534961][ T23] audit: type=1400 audit(1718244679.050:272): avc: denied { setopt } for pid=2211 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 73.556073][ T2215] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 73.739582][ T2256] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 73.765550][ T2251] EXT4-fs (sda1): Ignoring removed bh option [ 73.771484][ T2251] EXT4-fs (sda1): changing journal_checksum during remount not supported; ignoring [ 73.780739][ T2251] EXT4-fs (sda1): re-mounted. Opts: nojournal_checksum,grpjquota=grpid,block_validity,sysvgroups,bh,noblock_validity,nolazytime,jqfmt=vfsold,resuid=0x0000000000000000,debug,jqfmt=vfsv0,debug,,errors=continue [ 73.920016][ T2258] F2FS-fs (loop4): invalid crc value [ 73.926963][ T2258] F2FS-fs (loop4): Found nat_bits in checkpoint [ 73.953726][ T2258] F2FS-fs (loop4): Cannot turn on quotas: -2 on 1 [ 73.960463][ T2258] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 74.011821][ T2270] virtio-fs: tag <(null)> not found [ 74.063153][ T1925] attempt to access beyond end of device [ 74.063153][ T1925] loop4: rw=524288, want=45072, limit=40427 [ 74.074475][ T1925] attempt to access beyond end of device [ 74.074475][ T1925] loop4: rw=0, want=45072, limit=40427 [ 74.102101][ T443] attempt to access beyond end of device [ 74.102101][ T443] loop4: rw=2049, want=40992, limit=40427 [ 74.332532][ T1853] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 74.495471][ T2291] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.502380][ T2291] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.509743][ T2291] device bridge_slave_0 entered promiscuous mode [ 74.518456][ T2291] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.525420][ T2291] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.532885][ T2291] device bridge_slave_1 entered promiscuous mode [ 74.592903][ T2291] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.599944][ T2291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.607123][ T2291] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.613980][ T2291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.646288][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 74.654919][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.662587][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.684224][ T1853] usb 1-1: Using ep0 maxpacket: 8 [ 74.703521][ T121] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 74.711786][ T121] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.718604][ T121] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.726050][ T121] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 74.734035][ T121] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.740856][ T121] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.762749][ T121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 74.770974][ T121] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 74.779446][ T121] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 74.787503][ T443] device bridge_slave_1 left promiscuous mode [ 74.794275][ T443] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.801571][ T443] device bridge_slave_0 left promiscuous mode [ 74.808361][ T443] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.821789][ T1853] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 74.868073][ T1348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 74.884143][ T1982] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 74.897075][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 74.908612][ T1982] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 74.991759][ T1853] usb 1-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice=ac.f5 [ 75.000719][ T1853] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 75.012780][ T1853] usb 1-1: Product: syz [ 75.016824][ T1853] usb 1-1: Manufacturer: syz [ 75.021228][ T1853] usb 1-1: SerialNumber: syz [ 75.026758][ T1853] usb 1-1: config 0 descriptor?? [ 75.131596][ T2309] F2FS-fs (loop1): invalid crc value [ 75.285992][ T1348] usb 1-1: USB disconnect, device number 8 [ 75.375693][ T2309] F2FS-fs (loop1): Found nat_bits in checkpoint [ 75.441583][ T2309] F2FS-fs (loop1): Cannot turn on quotas: -2 on 1 [ 75.448487][ T2309] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 75.569489][ T1293] attempt to access beyond end of device [ 75.569489][ T1293] loop1: rw=524288, want=45072, limit=40427 [ 75.580895][ T1293] attempt to access beyond end of device [ 75.580895][ T1293] loop1: rw=0, want=45072, limit=40427 [ 75.611483][ T443] attempt to access beyond end of device [ 75.611483][ T443] loop1: rw=2049, want=40992, limit=40427 [ 76.042386][ T2345] EXT4-fs (sda1): Ignoring removed bh option [ 76.048272][ T2345] EXT4-fs (sda1): changing journal_checksum during remount not supported; ignoring [ 76.059834][ T2345] EXT4-fs (sda1): re-mounted. Opts: nojournal_checksum,grpjquota=grpid,block_validity,sysvgroups,bh,noblock_validity,nolazytime,jqfmt=vfsold,resuid=0x0000000000000000,debug,jqfmt=vfsv0,debug,,errors=continue [ 76.059841][ T2340] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.059853][ T2340] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.138794][ T2340] device bridge_slave_0 entered promiscuous mode [ 76.147671][ T443] device bridge_slave_1 left promiscuous mode [ 76.154171][ T443] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.161598][ T443] device bridge_slave_0 left promiscuous mode [ 76.168215][ T443] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.245023][ T2340] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.252226][ T2340] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.262768][ T2340] device bridge_slave_1 entered promiscuous mode [ 76.390152][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 76.399155][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 76.423895][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 76.432805][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 76.442618][ T2353] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 76.452530][ T376] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.459376][ T376] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.469524][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 76.477691][ T2353] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a814e11d, mo2=0002] [ 76.486570][ T2353] System zones: 0-1, 4-36, 102-102 [ 76.492567][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 76.500675][ T376] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.502172][ T2353] EXT4-fs (loop2): mounted filesystem without journal. Opts: nombcache,debug,norecovery,grpquota,norecovery,,errors=continue [ 76.507636][ T376] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.528864][ T1982] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 76.562435][ T121] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 76.570758][ T121] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 76.653088][ T121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 76.661417][ T121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 76.671983][ T121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 76.678423][ T376] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 76.701339][ T1853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 76.941281][ T1982] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 77.085530][ T2363] netlink: 176 bytes leftover after parsing attributes in process `syz-executor.4'. [ 77.094827][ T2363] netlink: 96 bytes leftover after parsing attributes in process `syz-executor.4'. [ 77.180923][ T2364] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 77.190208][ T2364] ext4 filesystem being mounted at /root/syzkaller-testdir2172502859/syzkaller.Ibp4gN/35/file0 supports timestamps until 2038 (0x7fffffff) [ 77.207184][ T2364] EXT4-fs (loop0): re-mounted. Opts: (null) [ 77.271807][ T376] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 77.283025][ T376] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 77.294104][ T376] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 77.306833][ T376] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 77.315702][ T376] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 77.324457][ T376] usb 4-1: config 0 descriptor?? [ 77.341764][ T2352] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 77.573908][ T2380] virtio-fs: tag <(null)> not found [ 77.681973][ T5] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 77.726717][ T23] kauditd_printk_skb: 11 callbacks suppressed [ 77.726726][ T23] audit: type=1400 audit(1718244683.270:284): avc: denied { mounton } for pid=2384 comm="syz-executor.2" path="/file0" dev="sda1" ino=1966 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=blk_file permissive=1 [ 77.755698][ T2385] blk_update_request: I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 77.766522][ T2385] FAT-fs (loop5): unable to read boot sector [ 77.774199][ T23] audit: type=1400 audit(1718244683.320:285): avc: denied { write } for pid=2384 comm="syz-executor.2" name="file0" dev="sda1" ino=1966 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=blk_file permissive=1 [ 77.797805][ T23] audit: type=1400 audit(1718244683.320:286): avc: denied { open } for pid=2384 comm="syz-executor.2" path="/file0" dev="sda1" ino=1966 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=blk_file permissive=1 [ 77.875556][ T376] plantronics 0003:047F:FFFF.000C: unknown main item tag 0xd [ 77.884195][ T376] plantronics 0003:047F:FFFF.000C: No inputs registered, leaving [ 77.895831][ T376] plantronics 0003:047F:FFFF.000C: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 77.951779][ T5] usb 2-1: Using ep0 maxpacket: 8 [ 77.958407][ T2364] EXT4-fs warning (device loop0): ext4_multi_mount_protect:325: MMP startup interrupted, failing mount [ 77.958407][ T2364] [ 78.016591][ T1717] ================================================================== [ 78.024492][ T1717] BUG: KASAN: use-after-free in kthread_stop+0x37/0x4a0 [ 78.031248][ T1717] Write of size 4 at addr ffff8881e39d4ee0 by task syz-executor.0/1717 [ 78.039314][ T1717] [ 78.041489][ T1717] CPU: 0 PID: 1717 Comm: syz-executor.0 Not tainted 5.4.274-syzkaller-00002-g6f97bd951d82 #0 [ 78.051469][ T1717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 78.061359][ T1717] Call Trace: [ 78.064510][ T1717] dump_stack+0x1d8/0x241 [ 78.068668][ T1717] ? prepare_exit_to_usermode+0x199/0x200 [ 78.074241][ T1717] ? nf_ct_l4proto_log_invalid+0x258/0x258 [ 78.079854][ T1717] ? printk+0xd1/0x111 [ 78.083767][ T1717] ? kthread_stop+0x37/0x4a0 [ 78.088189][ T1717] print_address_description+0x8c/0x600 [ 78.093578][ T1717] ? kthread_stop+0x37/0x4a0 [ 78.097993][ T1717] __kasan_report+0xf3/0x120 [ 78.102414][ T1717] ? kthread_stop+0x37/0x4a0 [ 78.106842][ T1717] kasan_report+0x30/0x60 [ 78.111005][ T1717] check_memory_region+0x272/0x280 [ 78.115963][ T1717] kthread_stop+0x37/0x4a0 [ 78.120209][ T1717] ext4_put_super+0x790/0xbb0 [ 78.124727][ T1717] ? ext4_drop_inode+0x1f0/0x1f0 [ 78.129494][ T1717] generic_shutdown_super+0x120/0x2a0 [ 78.134700][ T1717] kill_block_super+0x7a/0xe0 [ 78.139213][ T1717] deactivate_locked_super+0xa8/0x110 [ 78.144418][ T1717] deactivate_super+0x1e2/0x2a0 [ 78.149106][ T1717] ? retint_kernel+0x1b/0x1b [ 78.153530][ T1717] ? deactivate_locked_super+0x110/0x110 [ 78.159001][ T1717] cleanup_mnt+0x44e/0x500 [ 78.163263][ T1717] task_work_run+0x140/0x170 [ 78.163547][ T376] usb 4-1: USB disconnect, device number 9 [ 78.167689][ T1717] exit_to_usermode_loop+0x190/0x1a0 [ 78.167698][ T1717] prepare_exit_to_usermode+0x199/0x200 [ 78.167716][ T1717] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 78.189727][ T1717] RIP: 0033:0x7f04199421d7 [ 78.193976][ T1717] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8 [ 78.213416][ T1717] RSP: 002b:00007ffdadea6f58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 78.221664][ T1717] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f04199421d7 [ 78.229471][ T1717] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdadea7010 [ 78.237458][ T1717] RBP: 00007ffdadea7010 R08: 0000000000000000 R09: 0000000000000000 [ 78.245266][ T1717] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffdadea80c0 [ 78.253076][ T1717] R13: 00007f041999d636 R14: 0000000000012cf9 R15: 0000000000000005 [ 78.260891][ T1717] [ 78.263056][ T1717] Allocated by task 2: [ 78.266979][ T1717] __kasan_kmalloc+0x171/0x210 [ 78.271565][ T1717] kmem_cache_alloc+0xd9/0x250 [ 78.276174][ T1717] dup_task_struct+0x4f/0x600 [ 78.280688][ T1717] copy_process+0x56d/0x3230 [ 78.285108][ T1717] _do_fork+0x197/0x900 [ 78.289102][ T1717] kernel_thread+0x16a/0x1d0 [ 78.293526][ T1717] kthreadd+0x3b1/0x4f0 [ 78.297515][ T1717] ret_from_fork+0x1f/0x30 [ 78.301767][ T1717] [ 78.303934][ T1717] Freed by task 17: [ 78.307587][ T1717] __kasan_slab_free+0x1b5/0x270 [ 78.312364][ T1717] kmem_cache_free+0x10b/0x2c0 [ 78.316961][ T1717] rcu_do_batch+0x492/0xa00 [ 78.321297][ T1717] rcu_core+0x4c8/0xcb0 [ 78.325293][ T1717] __do_softirq+0x23b/0x6b7 [ 78.329620][ T1717] [ 78.331794][ T1717] The buggy address belongs to the object at ffff8881e39d4ec0 [ 78.331794][ T1717] which belongs to the cache task_struct of size 3904 [ 78.345776][ T1717] The buggy address is located 32 bytes inside of [ 78.345776][ T1717] 3904-byte region [ffff8881e39d4ec0, ffff8881e39d5e00) [ 78.358873][ T1717] The buggy address belongs to the page: [ 78.364357][ T1717] page:ffffea00078e7400 refcount:1 mapcount:0 mapping:ffff8881f5cf8280 index:0xffff8881e39d6e40 compound_mapcount: 0 [ 78.376421][ T1717] flags: 0x8000000000010200(slab|head) [ 78.381725][ T1717] raw: 8000000000010200 ffffea0007860400 0000000400000004 ffff8881f5cf8280 [ 78.390121][ T1717] raw: ffff8881e39d6e40 0000000080080007 00000001ffffffff 0000000000000000 [ 78.398536][ T1717] page dumped because: kasan: bad access detected [ 78.404798][ T1717] page_owner tracks the page as allocated [ 78.410345][ T1717] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC) [ 78.425199][ T1717] prep_new_page+0x18f/0x370 [ 78.429612][ T1717] get_page_from_freelist+0x2d13/0x2d90 [ 78.434996][ T1717] __alloc_pages_nodemask+0x393/0x840 [ 78.440199][ T1717] alloc_slab_page+0x39/0x3c0 [ 78.444711][ T1717] new_slab+0x97/0x440 [ 78.448614][ T1717] ___slab_alloc+0x2fe/0x490 [ 78.453261][ T1717] __slab_alloc+0x62/0xa0 [ 78.457439][ T1717] kmem_cache_alloc+0x109/0x250 [ 78.462115][ T1717] dup_task_struct+0x4f/0x600 [ 78.466628][ T1717] copy_process+0x56d/0x3230 [ 78.471067][ T1717] _do_fork+0x197/0x900 [ 78.475059][ T1717] __x64_sys_clone+0x26b/0x2c0 [ 78.479651][ T1717] do_syscall_64+0xca/0x1c0 [ 78.483989][ T1717] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 78.489709][ T1717] page_owner free stack trace missing [ 78.494916][ T1717] [ 78.497085][ T1717] Memory state around the buggy address: [ 78.502559][ T1717] ffff8881e39d4d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 78.510458][ T1717] ffff8881e39d4e00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 78.518353][ T1717] >ffff8881e39d4e80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 78.526249][ T1717] ^ [ 78.533284][ T1717] ffff8881e39d4f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 78.541266][ T1717] ffff8881e39d4f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 78.549162][ T1717] ================================================================== [ 78.557058][ T1717] Disabling lock debugging due to kernel taint 2024/06/13 02:11:24 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 78.566030][ T1717] ------------[ cut here ]------------ [ 78.571507][ T23] audit: type=1400 audit(1718244684.110:287): avc: denied { write } for pid=344 comm="syz-fuzzer" path="pipe:[10446]" dev="pipefs" ino=10446 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 78.592589][ T1717] refcount_t: addition on 0; use-after-free. [ 78.600115][ T1717] WARNING: CPU: 1 PID: 1717 at lib/refcount.c:25 refcount_warn_saturate+0x132/0x1a0 [ 78.609217][ T1717] Modules linked in: [ 78.612965][ T1717] CPU: 1 PID: 1717 Comm: syz-executor.0 Tainted: G B 5.4.274-syzkaller-00002-g6f97bd951d82 #0 [ 78.624325][ T1717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 78.634233][ T1717] RIP: 0010:refcount_warn_saturate+0x132/0x1a0 [ 78.640298][ T1717] Code: 04 01 48 c7 c7 a0 0b fa 84 e8 6a ef 0d ff 0f 0b eb a9 e8 31 3b 37 ff c6 05 c4 97 1c 04 01 48 c7 c7 20 0c fa 84 e8 4e ef 0d ff <0f> 0b eb 8d e8 15 3b 37 ff c6 05 a9 97 1c 04 01 48 c7 c7 80 0c fa [ 78.659739][ T1717] RSP: 0018:ffff8881dad97c30 EFLAGS: 00010246 [ 78.665636][ T1717] RAX: 05321637fbe10400 RBX: 0000000000000002 RCX: ffff8881e127de80 [ 78.673448][ T1717] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 78.681261][ T1717] RBP: 0000000000000002 R08: ffffffff814d5cd2 R09: ffffed103ede5262 [ 78.689070][ T1717] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 78.696882][ T1717] R13: ffff8881e39d4ec0 R14: dffffc0000000000 R15: ffff8881e39d4ee0 [ 78.704695][ T1717] FS: 0000555556da0480(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 78.713463][ T1717] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [